Skill v1.0.0
ClawScan security
sentry-ai · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 23, 2026, 8:20 AM)
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The package claims a full LLM-driven auditor, real-time social monitoring, and one-click execution, but the included code is a very small dexscreener-based scanner/auditor—marketing and capabilities do not line up.
- Guidance: This skill is coherent from a safety/privilege perspective (no secrets requested, no installer), but it's overstated: it only fetches data from dexscreener and computes a simple liquidity/volume risk score. Before installing or trusting results: (1) don't provide any wallet keys or API keys—none are required by the code; (2) treat outputs as toy heuristics, not full audits or trading advice; (3) run the scripts in an isolated/test environment and inspect network calls if you plan to use it operationally; (4) ask the publisher for provenance, source for the Pro features, and a dependency manifest (requirements.txt) if you expect the richer functionality described; (5) do not rely on this package for automated trade execution until you verify explicit code implementing that behavior and perform a security review.
Review Dimensions
- Purpose & Capability (concern): The README/SKILL.md describe advanced features (LLM logic for detection, social-media growth monitoring, pro audit integrations, one-click trade execution, gas optimization, real-time push) but the actual scripts only call DexScreener APIs and compute a simple liquidity/volume-based risk score. The declared purpose (multi-faceted auditor plus executor) is not reflected in the code.
- Instruction Scope (note): Runtime instructions are simply to run Python scripts (scan.py, audit.py). The scripts only perform HTTP GET requests to dexscreener endpoints and local risk calculations—there is no code to perform social monitoring, integrate RugCheck/Solscan, send push notifications, or execute trades, despite SKILL.md claiming those features. audit.py contains comments stating that external APIs and API keys would be used, but it does not read any env vars or call those services.
- Install Mechanism (ok): No install spec; instruction-only plus two small Python scripts. Nothing is downloaded or written by an installer, lowering execution risk. The scripts depend on the 'requests' library, but no dependency manifest is provided.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. Comments in audit.py reference API keys for richer checks, but no env vars are actually read—so there is no unexpected secret access in the current code.
- Persistence & Privilege (ok): The skill has default privileges (not always:true) and does not modify other skills or system configuration. There is no persistent agent installation behavior in the package.
