Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Defi Scout
v1.0.3 · On-chain DeFi intelligence for AI agents. Use when asked about wallet balances, token prices, DEX quotes, yield opportunities, protocol TVL, gas prices, or a...
⭐ 0 · 91 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Most scripts (RPC calls, CoinGecko, DeFiLlama, Across) match the stated DeFi intelligence purpose. However, cmc-sentiment.js requires a CoinMarketCap API key (CMC_API_KEY) and the skill registry metadata lists no required env vars — that's an explicit mismatch. Further, cmc-sentiment.js attempts to load '../../../.env' (outside the skill), which is not needed for the stated purpose and raises coherence concerns.
Instruction Scope
SKILL.md directs the agent to run node scripts and lists public endpoints; most scripts stay within scope. But cmc-sentiment.js instructs (in code) to use dotenv to load a .env file at path require('path').join(__dirname, '../../../.env') and reads/writes '../../../memory/cmc-cache.json' outside the skill directory. This expands the agent's file access beyond the skill boundary and was not documented in registry metadata or SKILL.md.
Install Mechanism
There is no install spec (no remote downloads or package installs), which is lower risk. One caveat: cmc-sentiment.js calls require('dotenv') even though no dependencies are declared — this may cause runtime errors if dotenv is absent, but it's not an install-time code-fetch risk.
Credentials
The skill metadata declares no required env vars, yet cmc-sentiment.js expects CMC_API_KEY. More importantly, the script proactively loads an upstream .env file (../../../.env), which could expose unrelated secrets present in a project/global .env. Requesting/reading broad env content is disproportionate to the stated functionality (only CMC_API_KEY should be necessary).
Persistence & Privilege
cmc-sentiment.js writes cache data to '../../../memory/cmc-cache.json' (creates a memory directory outside the skill). That gives the skill write persistence in parent directories. The skill is not marked always:true, and it does not modify other skills, but the external cache path and cross-directory file I/O are privileges beyond what's needed to compute and return an API result.
What to consider before installing
This skill mostly implements on-chain checks and price/yield lookups as advertised, but I found multiple red flags you should consider before installing:
(1) cmc-sentiment.js expects a CMC_API_KEY even though the registry lists no env requirements;
(2) that same script loads a .env from two levels above the skill (../../../.env), which can expose any secrets stored in your project's global .env — this is the primary concern;
(3) it writes a cache file to ../../../memory/cmc-cache.json, creating persistent files outside the skill folder;
(4) the SKILL.md mentions a 6h cache but the code uses a 24h TTL — a minor mismatch;
(5) the code uses the 'dotenv' module but there is no declared dependency/install step.
Recommended actions: do not install in a sensitive environment without review; inspect the .env file it would load (or better, run the skill in an isolated sandbox); remove or modify the dotenv line so the script only reads an explicitly provided CMC_API_KEY (via process.env set at runtime), or configure the runtime to provide only a restricted CMC API key; restrict or remove write permissions for the parent directory so the skill cannot create ../../../memory; and verify you trust the skill source before giving it network or filesystem access.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/cmc-sentiment.js:13
Environment variable access combined with network send.
scripts/cmc-sentiment.js:59
File read combined with network send (possible exfiltration).
latest · vk9720g6ssrybhc2f27sf5vhqxd83gvv2
