Skill v1.0.0

ClawScan security

XT Exchange · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 28, 2026, 6:43 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and requested credentials are consistent with an XT.COM spot & futures CLI — it asks only for XT API keys and runs included Python scripts against XT.COM endpoints.
Guidance
This skill appears to be what it says: it runs the included Python CLI scripts and calls XT.COM API endpoints. Before installing, consider:
1) Only provide an API key with the minimum permissions needed (e.g., read-only for market data; separate trading key without withdrawal permission if possible).
2) Prefer environment variables over storing keys in ~/.xt-exchange/credentials.json; avoid echoing keys into chat or logs.
3) Review the included scripts yourself (they are bundled) and verify network hosts are sapi.xt.com / fapi.xt.com.
4) Be aware the skill will run Python and may run `pip3 install requests` — run in an isolated environment if you are cautious.
5) Test with a low-permission or small-balance account first.
6) The skill relies on conversational confirmations before executing trades/withdrawals — these are procedural (agent-enforced), not cryptographic safeguards; treat API keys as sensitive and assume actions could occur if the agent or environment is compromised.

Review Dimensions

Purpose & Capability
ok
Name/description (XT.COM spot & futures CLI) matches the files and runtime instructions. Required binary (python3) and required env vars (XT_ACCESS_KEY, XT_SECRET_KEY) are appropriate and expected for an exchange CLI.
Instruction Scope
note
SKILL.md stays within the trading scope (market data, balance, orders, transfer, withdraw). It instructs the agent to check credentials via environment variables and ~/.xt-exchange/credentials.json and to run the included Python scripts. Caution: the examples use commands like `echo $XT_ACCESS_KEY` and `cat ~/.xt-exchange/credentials.json`, which will print secrets to stdout/logs; the skill also suggests `pip3 install requests`, which writes to disk. The skill relies on conversational confirmation before trades, but that confirmation is enforced by the agent workflow (not by external technical safeguards).
Install Mechanism
ok
There is no opaque download/install step: this is instruction-plus-scripts. The SKILL.md includes an optional brew formula suggestion for python@3 only. The code files are included in the skill bundle and network calls go to XT.COM API hosts (sapi.xt.com, fapi.xt.com). No third-party or shortened URLs or archives are fetched by the install process.
Credentials
ok
The skill requests only XT_ACCESS_KEY and XT_SECRET_KEY (primaryEnv XT_ACCESS_KEY) and will also read a local credentials file if present. No unrelated credentials, secrets, or system paths are requested. Note: storing keys in ~/.xt-exchange/credentials.json or echoing them to stdout can expose them to logs or other observers — the keys are powerful and should be scoped/restricted.
Persistence & Privilege
ok
The skill is marked always:false and is user-invocable. It does not request persistent platform-wide privileges or modify other skills. It can be invoked autonomously (platform default), which is normal; combined with trading permissions, that increases impact if keys are present, but that is an expected property of any trading skill.