Skill v1.0.0
ClawScan security
Kraken CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 7:56 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill appears to implement a legitimate Kraken CLI, but the runtime requirements declared in SKILL.md and the registry are incomplete, and several files the runtime references (the CLI binary and the endpoint registries) are missing from the manifest. These mismatches should be resolved before the skill is trusted with real secrets or autonomous invocation.
- Guidance: This skill looks like a genuine Kraken CLI, but there are important mismatches you should clear up before installing it or giving it real API secrets:
  - Confirm required secrets: the code needs KRAKEN_API_SECRET (and the futures secrets) in addition to the declared KRAKEN_API_KEY; the registry metadata should list every required secret env var. Do not provide real keys until you have confirmed which secrets are requested.
  - Confirm required binaries: the runtime validates node, base64 and od, and may require jq for certain output modes, but SKILL.md lists only bash, curl and openssl. Make sure your environment has the binaries the code actually checks for.
  - Missing artifacts: the manifest includes neither the CLI entrypoint (bin/openclaw-kraken) nor the endpoints TSV files the code reads. Ask the publisher for the missing files or an updated package; otherwise the skill will fail or behave unexpectedly.
  - Network destinations: the code enforces the configured base URLs for REST, but the websocket helper accepts an arbitrary --url in the examples. If you plan to allow autonomous invocation, restrict the allowed destination URLs or audit every --url input so the skill cannot connect to untrusted endpoints.
  - Secrets handling: the skill claims to read secrets from the environment only and to redact them from logs, and the implementation does contain explicit redaction and signing code, which is consistent with that claim. Even so, provide secrets only via OpenClaw secret refs (not plaintext) and test in simulated mode first (KRAKEN_SIMULATE=true) with non-production keys.

  If the publisher updates SKILL.md and the registry metadata to list all required env vars and binaries and supplies the missing CLI and endpoints files, this skill would become coherent and more trustworthy. Until then, treat it as suspicious and do not supply production credentials or enable autonomous runs.
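The first three guidance points (undeclared secrets, undeclared binaries, missing artifacts) can be checked mechanically before a bundle is installed. The script below is an added example, not ClawScan's scanner and not the Kraken CLI skill's own code: it scans a bundle's files for KRAKEN_* env references, command -v checks (including the loop form), and relative bin/ or config/ paths, then diffs them against the declared metadata. The bundle contents, the config/endpoints-spot.tsv filename, the extra env names, the ClawHub metadata shape (passed in as plain sets) and the regex heuristics are all assumptions for illustration; the real skill's files are not reproduced here. The Credentials dimension further down makes the same declared-versus-required point, and this block covers it as well.

```python
"""Added example (not ClawHub's scanner or the Kraken CLI skill's code):
cross-check what a skill bundle declares against what its scripts actually
need. Every input below is constructed for illustration."""
import re

# Declared in SKILL.md / registry metadata, as reported: two env vars and
# three binaries. The metadata file format is assumed, so we pass plain sets.
DECLARED_ENV = {"KRAKEN_API_BASE_URL", "KRAKEN_API_KEY"}
DECLARED_BINS = {"bash", "curl", "openssl"}

# Constructed bundle: a SKILL.md stub and one runtime script. The script body,
# the env names beyond those named in the report, and the TSV filename are
# placeholders, not the real skill's files.
BUNDLE = {
    "SKILL.md": "Use bin/openclaw-kraken; read secrets from the environment only.\n",
    "lib/runtime.sh": r'''#!/usr/bin/env bash
set -euo pipefail
: "${KRAKEN_API_KEY:?missing}"
: "${KRAKEN_API_SECRET:?missing}"
: "${KRAKEN_FUTURES_API_KEY:?missing}"
: "${KRAKEN_FUTURES_API_SECRET:?missing}"
base="${KRAKEN_API_BASE_URL:?missing}"
ver="${KRAKEN_API_VERSION:-0}"
for tool in node base64 od; do
  command -v "$tool" >/dev/null 2>&1 || { echo "need $tool" >&2; exit 1; }
done
[ "${OUTPUT_FORMAT:-text}" = json ] && command -v jq >/dev/null
here="$(cd "$(dirname "$0")" && pwd)"
endpoints="$here/../config/endpoints-spot.tsv"
exec "$here/../bin/openclaw-kraken" "$base" "$ver" "$endpoints" "$@"
''',
}

ENV_RE = re.compile(r"\$\{?(KRAKEN_[A-Z0-9_]+)")          # $KRAKEN_X or ${KRAKEN_X...}
BIN_RE = re.compile(r"command -v\s+([A-Za-z0-9_.-]+)")      # literal `command -v jq`
LOOP_RE = re.compile(r"for\s+(\w+)\s+in\s+([^\n;]+);?\s*do\b(.*?)\bdone\b", re.S)
# Relative bin/ or config/ paths; the lookbehind keeps /usr/bin/env from matching.
PATH_RE = re.compile(r"(?:\.\./|\./|(?<![\w/.]))((?:bin|config)/[\w./-]+)")
SECRET_HINTS = ("SECRET", "KEY", "TOKEN", "PASSWORD")   # heuristic name classes


def is_secret(name):
    return any(h in name for h in SECRET_HINTS)


def audit_bundle(declared_env, declared_bins, bundle):
    """Return the env vars, binaries and files the code needs but the
    metadata does not declare (or the bundle does not ship)."""
    used_env, used_bins, referenced = set(), set(), set()
    for text in bundle.values():
        used_env.update(ENV_RE.findall(text))
        used_bins.update(BIN_RE.findall(text))
        # `for t in a b c; do command -v "$t" ...; done` checks each word.
        for var, words, body in LOOP_RE.findall(text):
            if f'command -v "${var}"' in body or f"command -v ${var}" in body:
                used_bins.update(words.split())
        referenced.update(PATH_RE.findall(text))
    undeclared = used_env - declared_env
    report = {
        "undeclared_secrets": {e for e in undeclared if is_secret(e)},
        "undeclared_config": {e for e in undeclared if not is_secret(e)},
        "undeclared_bins": used_bins - declared_bins,
        "missing_files": referenced - set(bundle),
    }
    report["verdict"] = (
        "suspicious"
        if report["undeclared_secrets"] or report["undeclared_bins"] or report["missing_files"]
        else "ok"
    )
    return report


if __name__ == "__main__":
    for key, value in audit_bundle(DECLARED_ENV, DECLARED_BINS, BUNDLE).items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

The heuristics are deliberately narrow (only KRAKEN_-prefixed variables, only command -v probes, only bin/ and config/ paths) so that a hit is meaningful; widen them for a different skill, and treat the output as a list of questions for the publisher rather than proof of intent.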
Review Dimensions
- Purpose & Capability
- concern: The skill's name and description (Kraken CLI for spot/futures/ws) match the code and docs. However, the registry/SKILL metadata under-reports the required runtime state: the code requires private secrets (KRAKEN_API_SECRET, KRAKEN_FUTURES_API_SECRET, etc.) and many non-secret settings (KRAKEN_API_VERSION, the futures base URL, the websocket URLs) that are not declared as required in the skill metadata. Requiring API keys is expected for this purpose, but the metadata should list all required secrets and config so callers know what will be requested.
- Instruction Scope
- concern: SKILL.md instructs the agent to use a local CLI (bin/openclaw-kraken), to read secrets from the environment only, to validate base URLs, and to refuse to run with missing config. The code enforces those guardrails. However, the manifest does not include the CLI binary (bin/openclaw-kraken) or the endpoint TSV files the runtime validates and reads, and both are required for normal operation. The ws helper also accepts an arbitrary --url in some commands (the examples show it with 'ws open'); whenever an operator uses that command, this conflicts with the SKILL.md rule to 'Use configured base URLs only'. It widens the set of network destinations the skill can reach and should be noted.
- Install Mechanism
- ok: The skill is instruction-only (no external download/install spec), and all code is included in the bundle. There is no external installer and no network download during install, which is low risk in itself.
- Credentials
- concern: The registry metadata declares KRAKEN_API_BASE_URL and KRAKEN_API_KEY (primary), but the runtime requires additional secrets and env vars: KRAKEN_API_SECRET, KRAKEN_FUTURES_API_KEY, KRAKEN_FUTURES_API_SECRET, KRAKEN_API_VERSION, KRAKEN_FUTURES_API_BASE_URL, the KRAKEN_WS_* URLs, and others. The binaries validated by the code include node, base64 and od, and optionally jq; the declared required binaries list only bash, curl and openssl. Because of this mismatch the skill may request secrets or binaries at runtime that were not advertised.
- Persistence & Privilege
- ok: The always flag is false and the skill does not request to be force-included. The disable-model-invocation flag is false (the normal setting). The skill does not appear to modify other skills or system-wide agent settings.
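On the network-destination point raised under Instruction Scope (and in the Guidance above): one way an operator could gate a --url argument before the skill's ws helper ever connects, shown as an added example rather than code from the skill or from ClawHub. It derives an allowlist from the configured KRAKEN_WS_* URLs and refuses anything that is not wss:// to exactly one of those hosts on the default port. The variable names KRAKEN_WS_PUBLIC_URL and KRAKEN_WS_PRIVATE_URL, their values, and the wrapper's (allowed, reason) interface are assumptions; the report only says the skill reads KRAKEN_WS_* URLs.

```python
"""Added example (not the Kraken CLI skill's own code): allowlist check for a
user-supplied websocket URL, derived from the configured KRAKEN_WS_* URLs."""
from urllib.parse import urlsplit

# Constructed operator config. The variable names and hosts are assumed for
# illustration; substitute the URLs you actually configured for the skill.
CONFIG = {
    "KRAKEN_API_BASE_URL": "https://api.kraken.com",
    "KRAKEN_WS_PUBLIC_URL": "wss://ws.kraken.com/v2",
    "KRAKEN_WS_PRIVATE_URL": "wss://ws-auth.kraken.com/v2",
}


def ws_allowlist(config):
    """Hostnames of every configured KRAKEN_WS_* URL (the REST base URL is
    deliberately excluded: a REST host is not a websocket destination)."""
    hosts = set()
    for key, value in config.items():
        if key.startswith("KRAKEN_WS_"):
            host = urlsplit(value).hostname
            if host:
                hosts.add(host.lower())
    return hosts


def check_ws_url(url, allowed_hosts):
    """Return (allowed, reason). Only wss:// to an allowlisted host on the
    default port, with no userinfo, passes; everything else is refused."""
    if any(ord(c) < 33 or ord(c) > 126 for c in url):
        return False, "control, whitespace or non-ASCII characters in URL"
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError for a non-numeric port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "wss":
        return False, f"scheme {parts.scheme!r} is not wss"
    # Checked before the host: wss://ws.kraken.com@evil.test parses with
    # username "ws.kraken.com" and hostname "evil.test".
    if parts.username is not None or parts.password is not None:
        return False, "userinfo (user@host) is not allowed"
    host = (parts.hostname or "").lower()
    # Exact match only, so ws.kraken.com.evil.test does not pass as a suffix.
    if host not in allowed_hosts:
        return False, f"host {host!r} is not a configured websocket host"
    if port not in (None, 443):
        return False, f"non-default port {port}"
    return True, "ok"


if __name__ == "__main__":
    hosts = ws_allowlist(CONFIG)
    for candidate in (
        "wss://ws.kraken.com/v2",
        "ws://ws.kraken.com/v2",
        "wss://ws.kraken.com.evil.test/v2",
        "wss://ws.kraken.com@evil.test/v2",
        "wss://ws.kraken.com:8443/v2",
    ):
        print(candidate, "->", check_ws_url(candidate, hosts))
```

Run the check in the wrapper that invokes the skill, not inside the skill itself, so that an edited SKILL.md cannot remove it; if internationalised hostnames are ever needed, convert them to their ASCII (punycode) form before they reach this function, because it rejects non-ASCII input outright.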
