Skill v2.6.0

ClawScan security

Okx Dapp Discovery · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:11 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent with being a router/launcher for third‑party DeFi plugins: it contains routing rules and forwards user intent to other plugins (which actually perform trades). It requests no credentials and has no install step of its own, though some details about how plugins are installed are left implicit.
Guidance
This skill is a dispatcher that resolves user mentions of DApps/tokens and forwards the request to the appropriate third‑party plugin, which then performs actions (trades, bets, transfers). It does not request credentials itself, but installed plugins may require wallet access or API keys — review any plugin's quickstart and permission prompts before approving installation. Pay special attention to pump.fun and other high‑risk WRITE intents: the skill treats those as routine installs but those operations carry financial and legal risk. If you need stronger assurance, ask for the full SKILL.md and explicit platform install steps (how the agent installs plugins and what approval prompts are shown), and review the target plugins' permissions and source (repository/homepage) before enabling automated routing.

Review Dimensions

Purpose & Capability
note: The name/description (a DApp/plugin router for many DeFi protocols) matches the SKILL.md's routing rules and triggers. It claims to 'install' and forward prompts to other plugins — which is coherent for a bootstrap/router layer — but the SKILL.md does not include a platform-level install spec or explicit instructions for how the agent performs the plugin installation (it references a GitHub Contents API probe). This is an implementation detail gap, not necessarily malicious, but worth noting.
Instruction Scope
note: The instructions focus on matching user utterances to supported DApps/tokens and routing to the appropriate plugin. They do not (in the excerpt provided) direct the agent to read unrelated files or exfiltrate secrets. They do, however, enable forwarding user prompts that can cause trades/bets/transfers because those actions are delegated to the target plugins — this is expected for the stated purpose but increases operational risk and requires the user to trust downstream plugins.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, which is low risk. The SKILL.md refers to probing plugin-store/catalog (GitHub Contents API) and on-demand installs, but provides no raw-download URLs or custom installers. The absence of an install script is consistent with a bootstrap/dispatcher that relies on the platform's plugin installation APIs.
Credentials
ok: The skill declares no required environment variables, no credentials, and no config paths. That aligns with its role as a router — it defers wallet/auth responsibilities to other plugins (the SKILL.md explicitly references separate wallet/portfolio plugins).
Persistence & Privilege
ok: 'always' is false and model invocation is allowed (platform defaults). The skill does not request permanent/always-on privileges or modify other skills' configs in the provided excerpt.