Coinbase Agent
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is clearly aimed at Coinbase crypto trading, but it asks for powerful financial authority with under-declared credentials and unclear approval limits for trades or transfers.
Only install this if you are prepared to grant Coinbase trading or transfer authority. Use restricted API keys, avoid enabling withdrawals unless absolutely necessary, require manual approval for every transaction, and verify all asset, amount, network, and destination details before allowing execution.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent error, misunderstood instruction, or unsafe prompt could result in unwanted crypto trades or transfers.
The skill describes executing crypto swaps and transfers, which are high-impact financial actions. The artifacts do not clearly require explicit user approval for every transaction, whitelist destinations, or define safe transaction limits beyond one default trade threshold.
Execution: Calls the CDP SDK to execute swaps or transfers based on user logic.
Require explicit confirmation for every trade and transfer, show asset, amount, fees, destination, network, and irreversible impact before execution, and support user-configured limits and address allowlists.
Users may provide powerful Coinbase credentials without clear notice of required permissions or how those credentials are constrained.
Coinbase CDP API keys can grant sensitive account and transaction authority. The registry metadata declares no required environment variables or primary credential, and the artifacts do not specify key scopes or permission limits.
Authentication: Uses CDP API Keys (stored securely in .env).
Declare the required credential and environment variables, document minimum Coinbase key scopes, recommend restricted keys, disable withdrawal/transfer permissions unless explicitly needed, and provide revocation guidance.
Users could over-trust the credential-handling claim unless they independently confirm how keys are stored and used.
This is a strong safety assurance in an instruction-only artifact with no implementation available to verify how keys are handled.
Never shares raw API secret keys.
Treat the claim as unverified, use least-privilege API keys, and avoid giving the skill keys that can withdraw or transfer funds unless necessary.