Skill v0.1.6
ClawScan security
Teller MCP – Borrow USDC & Altcoins (no margin calls) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 16, 2026, 1:50 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and declared behavior are internally consistent with its stated purpose (a local MCP server that proxies Teller delta‑neutral and lending APIs), but the package provenance is unknown so you should review before running.
- Guidance: This bundle appears to be what it claims (a local MCP server fronting Teller's public delta‑neutral API). Before installing or running it:
  1) verify the source (there is no homepage/repo listed) — prefer code from a known org or repo;
  2) inspect package.json and the package-lock.json for unexpected dependencies;
  3) run npm audit / npm ci in an isolated environment or container to avoid exposing your main system;
  4) do not supply private keys or wallet seed phrases — the server builds transaction calldata but does not sign or submit transactions;
  5) consider setting TELLER_API_BASE_URL to a local mock for testing, and confirm the production base URL matches the official Teller endpoint (https://delta-neutral-api.teller.org); and
  6) review the @modelcontextprotocol/sdk dependency if you rely on strict provenance.
  If you need higher assurance, ask the publisher for a verifiable repository or have a developer perform a dependency and provenance review prior to deployment.
Review Dimensions
- Purpose & Capability: ok. The name/description match the included files: TypeScript MCP server code registers the six tools described, client.ts calls the documented Teller REST endpoints, and package.json lists @modelcontextprotocol/sdk and zod which are reasonable dependencies for an MCP server. Inputs, outputs, and endpoints align with the stated purpose.
- Instruction Scope: ok. SKILL.md instructs standard developer ops (npm install, build, npm start) and how to register the server with mcporter/OpenClaw. The runtime behavior is limited to making HTTP requests to the Teller API and returning structured JSON — it does not instruct reading unrelated system files or secrets. The README and code reference optional env vars (TELLER_API_BASE_URL, TELLER_API_TIMEOUT_MS) which are used as documented.
- Install Mechanism: note. This is instruction-only (no automated install spec). Running it requires npm install which will fetch packages from the public registry; a package-lock.json is included (good for reproducibility). There is no download-from-arbitrary-URL step. However, the skill has no homepage/repository metadata in the registry entry, so provenance is unclear.
- Credentials: ok. The skill does not require any credentials or config paths. The only environment variables mentioned are optional and used to point the client at a different base URL or adjust timeouts. The code accepts wallet addresses as inputs and returns unsigned transaction payloads; it does not request private keys or tokens in the provided files.
- Persistence & Privilege: ok. The skill is not marked always:true and does not attempt to modify other skills or global agent settings. It runs as a standalone MCP server process and can be invoked by agents (default behavior) which is appropriate for a tool-exposing service.
