Skill v1.3.0
ClawScan security
NOFX AI500 Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 17, 2026, 7:28 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it claims (crypto monitoring + reports), but there are important inconsistencies and a hard-coded API key plus other mismatches you should review before installing.
- Guidance: Before installing, consider the following:
  - Hard-coded API key/base: ai500-report.py contains BASE = "https://nofxos.ai" and KEY = "cm_568c67eae410d912c54c", and monitor.sh falls back to the same values. This means the bundled scripts will use that embedded key unless you explicitly override it with environment variables. Treat that as a secret; do not assume it's yours. Either remove the hard-coded key or replace it with your own key before running.
  - Metadata vs reality mismatch: The registry metadata lists no required env vars, but runtime docs and scripts require a NOFX API base, an API key, and a Telegram chat ID. Expect to provide these manually; the listing is incomplete.
  - Persistence: The skill asks you to create cron jobs that will run periodically and will write a known-list file under your HOME. Review and approve the cron payloads and file paths; consider running them in a controlled/isolated sessionTarget if possible.
  - SSL snippet is insecure: SKILL.md suggests creating an unverified SSL context to avoid cert issues. Do not disable SSL verification in production — instead fix certificate/trust issues or use proper TLS verification.
  - Optional external services: The video pipeline docs mention Remotion/Playwright/ffmpeg and Minimax TTS (api.minimax.chat). Those are optional but involve additional network calls and possibly API keys; if you enable video/TTS, verify what credentials and external endpoints are used.
  - Minimal mitigations: (1) Remove or rotate any hard-coded credentials and supply your own via environment variables. (2) Inspect the cron job payloads and set sessionTarget to isolated if available. (3) Run the scripts in a sandboxed environment first and monitor network traffic if you are concerned about where requests go. (4) If you do not trust the hard-coded key's owner, do not rely on it; replace it or block outgoing requests to that endpoint.
  - Given these inconsistencies and the embedded key, proceed only after you have removed the hard-coded credentials or fully understood and accepted the implications of using them.
Review Dimensions
- Purpose & Capability (note): The skill's name/description match the included scripts and report generator: it fetches NOFX endpoints and Binance klines and formats Telegram reports. However, the package metadata declares no required credentials while SKILL.md and the runtime files clearly require a NOFX API base and auth key (SKILL.md asks the user for these). That mismatch between declared requirements and what the skill actually needs is an inconsistency to be aware of.
- Instruction Scope (concern): Runtime instructions ask the agent to create cron jobs, run scripts, and send messages to Telegram (expected). But SKILL.md also suggests disabling SSL verification (it provides ssl._create_unverified_context()), which is insecure. Crucially, the instructions tell the agent to ask the user for an API key, yet the included code ignores that in places and uses a hard-coded key/base instead (see ai500-report.py and monitor.sh). The monitor script writes/reads a known-list file under $HOME/.openclaw/workspace and will update it, so the skill reads and writes to the user's filesystem and persists state via cron jobs.
- Install Mechanism (ok): Instruction-only plus small scripts/Python file; there is no install spec or external archive download in the manifest, which reduces supply-chain installation risk.
- Credentials (concern): The registry metadata declares no required environment variables or primary credential, but SKILL.md expects the NOFX API base URL, API auth key, and a delivery target (Telegram chat ID). The code files further hard-code a NOFX BASE and KEY (KEY = "cm_568c67eae410d912c54c", BASE = "https://nofxos.ai"), and monitor.sh defaults to NOFX_KEY/NOFX_BASE but falls back to that same hard-coded key/base. This is a clear mismatch and raises risk: the bundled hard-coded key will be used unless you override it, and there is no declaration of that credential in the metadata.
- Persistence & Privilege (note): The skill requests creation of cron jobs (monitor every 15m, report every 30m), which gives it ongoing, persistent execution in the agent environment and writes a known-list file at $HOME/.openclaw/workspace/nofx-ai500-known.json. 'always' is false, and it does not change other skills' configs, but the cron jobs will periodically run agent code with whichever credentials are present; review cron job creation before enabling.
