Skill v1.1.0

ClawScan security

Quant Orchestrator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 11:29 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The package mostly matches a multi‑coin quant tool, but it contains unexplained hardcoded billing credentials and network calls (billing + market API) and mismatches between declared requirements and the actual code — these inconsistencies warrant caution.
Guidance
This skill contains plausible quant code but also several red flags you should resolve before installing or using it with real data or funds:
1) billing.py embeds a hardcoded API key and calls a third‑party billing API. Ask the author why a secret is in the repository and request that billing keys be provided via environment variables or handled by the platform (and rotate the embedded key immediately).
2) The SKILL.md and registry declare no credentials or dependencies, yet the code uses requests, numpy, and lightgbm and will make outbound network calls to api.hyperliquid.xyz and skillpay.me. Verify these endpoints are expected and safe.
3) Several files hardcode a local model path (/Users/a/...), so running CLI entrypoints might read local files. Run the skill in a sandbox and inspect what files it opens.
4) Ask the publisher for provenance (homepage, source repo, author identity) and why billing is implemented inline.
5) If you test it, do so in an isolated environment with no access to your production secrets or wallets, and monitor outbound network traffic.
If the author cannot justify the embedded billing key or the undeclared dependencies/endpoints, do not install or run the skill.

Review Dimensions

Purpose & Capability
concern: The skill claims to be a multi‑agent quant orchestrator, which explains the prediction, backtest and strategy code. However, there are surprising elements that don't belong to that stated purpose: a standalone billing module (billing.py) with a hardcoded API key and skillpay API URL, and multiple files referencing a local absolute model path (/Users/a/.openclaw/...), while the skill metadata declares no credentials or config requirements. The code also imports heavy dependencies (lightgbm, numpy, requests) though the SKILL.md and registry declare no required packages. These are disproportionate or undeclared relative to the simple description.
Instruction Scope
note: SKILL.md shows normal usage examples (instantiating MultiCoinPredictor and calling run_all) and lists pricing, but it does not document when or how billing is invoked, nor how model files are provided. The code will make outbound POSTs to https://api.hyperliquid.xyz/info to fetch prices, and billing.py calls https://skillpay.me endpoints. The CLI sections hardcode a local model path and may attempt to read local files if executed. The runtime instructions are not explicit about network calls, local file access, or charging behavior, giving the agent broad ability to call external endpoints and access local model files if run.
Install Mechanism
ok: There is no install spec (no external downloads or archive extraction), so nothing is fetched during install. The risk comes from the included source files themselves (they will be present in the skill), but there is no installer that pulls arbitrary code from untrusted URLs.
Credentials
concern: The registry declares no required environment variables or credentials, yet billing.py contains a hardcoded API key and contacts an external billing service. That embedded credential is sensitive and not declared. The skill also performs network requests to third‑party endpoints (market data and billing) without declaring those endpoints or requiring explicit authorization. The code references a user home path for model files, which implies filesystem access to potentially sensitive local files.
Persistence & Privilege
ok: The skill is not marked always:true and does not attempt to modify other skills or system config. Autonomous invocation (default) remains possible, but there is no evidence the skill self‑installs persistent agents or changes global settings.