Back to skill
Skillv1.0.0
ClawScan security
Orderly Api Authentication · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 4:23 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only guide for Orderly Network authentication (EIP-712 and Ed25519) that requests no credentials, installs nothing, and stays aligned with its stated purpose.
- Guidance
- This skill is a how-to guide for Orderly Network authentication and appears internally consistent. It does not request secrets or install code. Before using any copied code or key-management guidance: 1) Never paste your private keys or seed phrases into third-party sites or chat boxes. 2) Verify API and WebSocket endpoints (typosquatting can redirect to malicious hosts). 3) When generating Ed25519 keys, keep private keys offline or in secure storage (hardware wallet or HSM) where possible. 4) Double-check the verifyingContract and domain parameters against official Orderly documentation or their website. 5) If you will run provided code, review it locally and run it in a controlled environment. If you want higher assurance, provide the full SKILL.md contents or verify the skill author/source before trusting operational use.
Review Dimensions
- Purpose & Capability
- okThe name/description (Orderly API auth) match the content: EIP-712 for EVM, Ed25519 for Solana and API calls. The skill declares no unrelated binaries, env vars, or credentials.
- Instruction Scope
- okSKILL.md provides example flows, endpoints (api.orderly.org and testnet), code snippets, and signing steps. It does not ask for unrelated system files, extraneous credentials, or to exfiltrate data to third-party endpoints in the visible content.
- Install Mechanism
- okNo install spec is present and there are no code files — this is instruction-only, so nothing will be written to disk by the skill itself.
- Credentials
- okThe skill declares no required environment variables or credentials. The documented operations (wallet signatures, local Ed25519 key generation) legitimately require local key material only; no disproportionate access is requested.
- Persistence & Privilege
- okalways is false and model invocation is standard; the skill does not request permanent presence or modifications to other skills or system-wide settings.