Skill v1.3.1
ClawScan security
Presage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 15, 2026, 12:20 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This skill is internally consistent: it is a read-only market analysis tool that calls presage.market public APIs and does not request extra credentials or perform unexpected actions.
- Guidance: This skill appears coherent and read-only, but before installing: (1) verify you trust the presage.market domain and the linked GitHub repo (inspect the repo yourself); (2) be mindful that functions make outbound HTTP requests to https://presage.market/api (network connectivity required); (3) avoid supplying secrets—getPortfolio needs an agentId (an identifier), but you should confirm whether the real API requires authentication before sending any private account identifiers; and (4) if you require stronger assurance, review the GitHub source and confirm there are no hidden calls or later versions that introduce write/trade operations (the code notes that trading execution would need additional implementation).
Review Dimensions
- Purpose & Capability: ok. The name/description promise (read-only market analysis for Presage/Calshi on Solana) matches the included assets: SKILL.md and a single analysis.js that only fetches presage.market endpoints. There are no unrelated env vars, binaries, or install steps requested.
- Instruction Scope: ok. SKILL.md and the runtime instructions limit behavior to fetching public API endpoints and providing analysis. The instructions do not ask the agent to read local files, environment secrets, or post data to third-party endpoints outside presage.market/GitHub.
- Install Mechanism: ok. No automated install spec is present (instruction-only). The README suggests cloning the GitHub repo or using ClawHub; pulling code from a GitHub repo is expected and lower risk than arbitrary URL downloads.
- Credentials: ok. The skill declares no required environment variables or credentials. The only parameter that may be sensitive is agentId passed to getPortfolio (it identifies an account), but the skill does not request secrets or API keys.
- Persistence & Privilege: ok. The always setting is false and the skill does not request permanent agent-level privileges or modify other skills. Autonomous invocation is allowed (platform default) and is not combined with other red flags.
