Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Web3-Crypto-Degen
v1.0.4 · Universal Web3 & Crypto operating skill for AI agents. 12 domains, 60+ API endpoints, 5 providers: OKX DEX aggregator, Binance Web3 intelligence, Binance/Gat...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The capabilities described (DEX/CEX ops, RPCs, signing, honeypot simulation, routing, trading) match the sensitive credentials and RPC endpoints enumerated inside SKILL.md — those credentials are reasonable for an agent that will trade and sign on-chain. However, the platform registry metadata provided with the skill lists no required environment variables, which is a mismatched and suspicious discrepancy.
Instruction Scope
SKILL.md explicitly requires loading secrets from environment variables (process.env.*), describes HMAC signing for multiple CEX APIs, and references on-chain signing and broadcasting of transactions and automated dispatch (Pump.fun/Jupiter auto-dispatch, direct pool execution). Those instructions permit moving real funds and performing market actions; the doc warns not to log/transmit secrets but gives the agent broad operational authority. The document also contains advanced features (auto-dispatch, turbo execution, Pump.fun) that could be used for manipulative trading strategies — scope is wide and high-risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write archives or binaries to disk. That lowers installation risk compared to arbitrary downloads.
Credentials
SKILL.md lists many high-privilege environment variables: multiple CEX API key pairs, RPC endpoints, and explicit private keys (DEPLOYER_PRIVATE_KEY, SOL_PRIVATE_KEY). Those are proportional to a full trading/signing agent, but they are extremely sensitive. Critically, the registry metadata provided earlier claims 'required env vars: none', so the platform would not surface these secrets to the user — this mismatch is a red flag for stealthy/incorrect configuration or potential misrepresentation.
Persistence & Privilege
always:false (good) and disable-model-invocation:false (normal). However, because the skill requests private keys and trading API keys, allowing the agent to invoke this skill autonomously increases blast radius: an agent with access could sign and broadcast transactions or place orders. The skill does not request system-level persistence, but autonomous invocation combined with high-privilege secrets is risky.
What to consider before installing
Do not install or supply secrets to this skill without further checks. Specific actions to take before proceeding:
1) Ask the platform why the registry metadata lists no required env vars while SKILL.md demands many secrets; this inconsistency must be resolved.
2) Verify the skill's source code, author, and homepage; prefer skills with a public repository and an audit.
3) Never provide primary private keys or broad API keys to an untrusted skill; use least-privilege API keys (no trading or no withdrawal where supported), ephemeral/testnet keys, or a hardware/vault signing flow.
4) Require an explicit user consent prompt before any mainnet trade/broadcast; demand that the platform surface exactly which env vars will be requested.
5) If you must test: run only on testnets with test API keys, and sandbox the agent.
If the registry metadata cannot be corrected or the author cannot be validated, treat this skill as unsafe to install.
