Back to skill
Skillv1.0.0
ClawScan security
Orderly Sdk Debugging · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 7, 2026, 9:28 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only debugging guide for the Orderly SDK and its requested actions and examples are consistent with that purpose; it does not request credentials, install code, or perform unexpected actions.
- Guidance
- This is an instruction-only debugging guide for the Orderly SDK and is internally coherent. Before using: (1) don't paste or share private keys or seed phrases when following examples — use test accounts or testnets; (2) when running npm install commands, prefer verifying package sources and versions; (3) be aware example logs may print identifiers (address, userId, accountId); avoid sending those to untrusted endpoints. If you need the skill to run platform-side code, review any code you execute locally for sensitive operations first.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md content: the document contains debugging guidance, code snippets, and troubleshooting steps for the Orderly SDK and related browser/build issues. No unrelated capabilities or external services are requested.
- Instruction Scope
- okThe instructions stay within SDK debugging scope: build fixes, WebSocket/account/order error handling, and example code. They do log account state in examples (address, userId, accountId, key presence) but do not instruct reading arbitrary system files, sending data to unexpected endpoints, or exfiltrating secrets.
- Install Mechanism
- okNo install spec or code files are present. The only actionable instruction is an example to install a common dev dependency (vite-plugin-node-polyfills) which is proportional to the described browser polyfill problem.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. Example snippets access SDK state (account, key store) which is expected for debugging; there are no requests for unrelated credentials.
- Persistence & Privilege
- okSkill is not always-enabled and does not request persistent privileges or modify other skills or system settings. It is user-invocable and can be used on demand.