Skill v0.1.0

ClawScan security

Qelt Indexer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 6:00 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (a read-only wrapper around the QELT indexer REST API); it makes outgoing HTTP requests to the documented endpoints and requests no credentials, though it will transmit any user-supplied addresses or hashes to the external indexer (privacy consideration).
Guidance
This skill appears to do what it says: make read-only queries to the QELT indexer. Before installing, confirm you trust the endpoint host (https://mnindexer.qelt.ai and https://tnindexer.qelt.ai). Be aware of privacy: any wallet addresses or transaction hashes you ask the agent to look up will be sent to that external service. If you need strong privacy or absolute real-time accuracy, consider running or using your own JSON-RPC node instead of a public indexer. Note the small documentation mismatch: SKILL.md mentions curl as a required tool—ensure your agent environment provides curl or equivalent HTTP capability. Finally, if you plan to use contract verification endpoints (they are listed in references), verify what data is uploaded and whether that is acceptable.

Review Dimensions

Purpose & Capability
ok · Name/description match the actual instructions: the SKILL.md documents GET endpoints for blocks, transactions, addresses, balances and health checks on mnindexer.qelt.ai/tnindexer.qelt.ai. No credentials, installs, or unrelated binaries are required for the documented functionality. Minor inconsistency: SKILL.md metadata lists curl as a required binary while the registry metadata lists no required binaries; this is a documentation mismatch but not a functional red flag.
Instruction Scope
note · Instructions are narrowly scoped to read-only HTTP GET calls to the advertised indexer endpoints and include sensible guidance (check sync, use pagination, backoff on 503). They do not instruct reading local files or accessing unrelated environment variables. Important privacy note: the skill will send whatever transaction hashes or wallet addresses the user/agent provides to an external service (mnindexer.qelt.ai / tnindexer.qelt.ai), which can leak ownership or query intent to that third party. The references also list contract-verification POST endpoints (upload surface) though the main PROCEDURE does not instruct uploads.
Install Mechanism
ok · Instruction-only skill with no install spec and no code files, so it carries the lowest install risk. All runtime actions are curl-based HTTP requests; nothing is written to disk by the skill itself. No downloads or archive extraction are present.
Credentials
ok · The skill declares no required environment variables or credentials, which is proportionate for a public, unauthenticated read-only indexer. No config paths or secret-like env names are requested. (Note: SKILL.md suggests using curl is expected; if your agent environment lacks curl, it may need that binary.)
Persistence & Privilege
ok · always:false and no install persistence; the skill does not request permanent agent presence or modification of other skills. Autonomous invocation is allowed by default (platform default) but not combined with other elevated privileges here.