Skill v1.1.0

ClawScan security

NOFX AI Trading · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 14, 2026, 5:29 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are broadly consistent with a crypto trading integration, but there are clear mismatches and sensitive access requirements (a local config file, API keys, browser profile access, and undeclared tool dependencies) that are not reflected in the declared metadata; these differences merit caution before installing the skill or granting it privileges.
Guidance
What to consider before installing:
- This package expects and uses an API key (NOFX_API_KEY) and a config file (default: ~/clawd/skills/nofx/config.json), but the registry metadata does not declare those requirements; do not assume keys are optional. Provide only least-privilege exchange keys (disable withdrawals, restrict permissions, and whitelist the IP addresses the skill will call from).
- The skill's browser automation expects a profile named 'clawd' (a logged-in session). Granting the agent or browser access to a profile can expose other site sessions and cookies; use a dedicated, isolated browser profile and do not reuse your personal one.
- The scripts call external endpoints at nofxos.ai and include examples that post to Telegram, Discord, and Slack. Confirm you trust those endpoints and any webhook URLs you configure.
- The docs show remote install scripts being run via curl | bash from GitHub raw URLs; download and review those scripts before executing them, and avoid blind curl | bash.
- The shipped shell scripts depend on curl and jq, but the metadata does not list required binaries; inspect and run the scripts locally in an isolated environment before allowing the agent to run them.
- If you proceed: review config.json and the scripts manually, store API keys in a secure secret store (or environment variables with least privilege), start with test/demo exchange keys, and be prepared to rotate or revoke keys if anything suspicious occurs.
- For a safer assessment, provide the install.sh referenced by the docs or confirm whether the agent will be given access to your browser profile or filesystem; that information would change the risk assessment.
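As a worked example of the precautions above (added here; not code from the ClawHub page or the NOFX project), the following POSIX shell helpers fetch an install script to disk for review instead of piping it into a shell, run it only when its SHA-256 matches a checksum pinned after that review, check that the skill's config.json is owner-only and not carrying the API key in plain text, and confirm that the undeclared binaries are present. The function names, the pinned-checksum workflow, and the config path default are assumptions for illustration; sha256sum or shasum and stat are assumed to be on PATH.

```shell
# Added example: helpers for following the guidance above without blind
# `curl | bash`. Not part of the NOFX skill or the ClawHub scanner.
# Assumptions: sha256sum or shasum and stat are on PATH; the expected
# checksum is taken from a copy you reviewed out of band (for example a
# pinned git commit), never from the same URL as the script.

# Fetch a remote install script to a local file so it can be read before
# it is ever executed. Never pipes into a shell.
fetch_for_review() {
    url="$1"; dest="$2"
    curl -fsSL "$url" -o "$dest" || return 1
    chmod 0600 "$dest"
    printf 'saved %s to %s; review it before running\n' "$url" "$dest"
}

# Print the SHA-256 of a file, portable across coreutils and BSD userlands.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run a downloaded script only if it matches a checksum pinned after review.
# Returns 1 and runs nothing on mismatch, so a silently changed upstream
# file cannot execute.
run_if_pinned() {
    script="$1"; expected="$2"
    actual="$(file_sha256 "$script")"
    if [ "$actual" != "$expected" ]; then
        printf 'checksum mismatch for %s: got %s\n' "$script" "$actual" >&2
        return 1
    fi
    sh "$script"
}

# Check that the skill's config.json (default path from the report) is
# readable only by its owner (returns 1 otherwise) and does not embed the
# API key in plain text (returns 2), since NOFX_API_KEY can carry it instead.
check_config() {
    cfg="${1:-$HOME/clawd/skills/nofx/config.json}"
    [ -f "$cfg" ] || { printf 'no config at %s\n' "$cfg" >&2; return 1; }
    mode="$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")"
    case "$mode" in
        600|400) ;;
        *) printf '%s is mode %s; expected 600\n' "$cfg" "$mode" >&2; return 1 ;;
    esac
    if grep -q '"api_key"' "$cfg"; then
        printf 'api_key is stored in %s; prefer NOFX_API_KEY from a secret store\n' "$cfg" >&2
        return 2
    fi
    return 0
}

# Confirm the binaries the shipped scripts need (curl, jq) are present before
# letting an agent run them; the registry metadata does not declare them.
require_bins() {
    missing=0
    for b in "$@"; do
        command -v "$b" >/dev/null 2>&1 || { printf 'missing: %s\n' "$b" >&2; missing=1; }
    done
    return $missing
}
```

Typical use is `fetch_for_review https://example.invalid/install.sh ./install.sh`, reading the file, recording its `file_sha256` alongside the commit you reviewed, and later calling `run_if_pinned ./install.sh <that hash>`; `check_config` and `require_bins curl jq` run before the agent is given the skill.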

Review Dimensions

Purpose & Capability
note
The name and description (AI trading, strategy management, browser automation) align with the included docs and scripts: API calls to nofxos.ai, browser automation guidance, strategy schemas, and trader control are present and coherent. However, the skill metadata declares no required env vars, config paths, or binaries, while the shipped scripts and SKILL.md expect a local config file, an API key, and a browser profile: a proportionality and documentation mismatch.
Instruction Scope
concern
Runtime instructions and reference docs instruct the agent to: (1) read a local workspace config (skills/nofx/config.json or $HOME/clawd/skills/nofx/config.json) containing API keys, (2) use a browser profile named 'clawd' for automation (implying access to logged-in sessions and cookies), and (3) send notifications via external channels (Telegram/Discord/Slack). These actions touch sensitive local secrets and session data and go beyond simply calling the NOFX API. The SKILL.md and references also include curl | bash install examples (downloading and executing remote scripts) and broad guidance such as 'use browser tool with profile: clawd', which could enable reading other web sessions if misused.
Install Mechanism
note
There is no formal install spec (the skill is instruction-only), so nothing is written automatically by the platform. The documentation includes commands that fetch and run scripts from raw GitHub URLs (curl -fsSL https://raw.githubusercontent.com/NoFxAiOS/nofx/main/install.sh | bash) and that download docker-compose YAML from GitHub. This is common for open-source projects but carries higher risk if remote install scripts are executed without review.
Credentials
concern
Although the registry metadata lists no required env vars or config paths, the shipped scripts and docs clearly expect NOFX_API_KEY (or a config.json with api_key), NOFX_CONFIG (an optional override of the config path), and a browser_profile (clawd). The scripts use curl and jq (external binaries), but these are not declared either. The skill therefore expects access to sensitive credentials and a browser profile without declaring them; this is a notable mismatch and a potential exfiltration vector if the agent or browser tool has broad access.
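To reproduce the mismatch this dimension describes locally before installing, here is an added audit script (not the scanner's code and not part of the NOFX skill) that greps a skill directory for environment variables read, external binaries invoked, remote hosts contacted, and curl | bash lines, then compares the first two against whatever the registry metadata declares. The sample script it writes under scripts/traders.sh is constructed for the demo from the behaviors named in this report (NOFX_CONFIG, NOFX_API_KEY, jq, curl, nofxos.ai, and the GitHub raw install URL); its file name, the directory layout, and the list of binaries worth flagging are assumptions.

```shell
# Added example: a pre-install audit of a skill's shipped scripts, written to
# surface what the Credentials dimension above flags. Not code from ClawHub
# or the NOFX project. Assumes grep -E/-o/-r and sed -E (GNU or BSD).

# Write a constructed sample skill that behaves as the report describes, so
# the audit can run offline. Contents are illustrative, not the real skill.
write_sample_skill() {
    mkdir -p "$1/scripts"
    cat > "$1/scripts/traders.sh" <<'EOF'
#!/bin/sh
CONFIG="${NOFX_CONFIG:-$HOME/clawd/skills/nofx/config.json}"
KEY="${NOFX_API_KEY:-$(jq -r .api_key "$CONFIG")}"
curl -fsSL -H "Authorization: Bearer $KEY" "https://nofxos.ai/"
curl -fsSL https://raw.githubusercontent.com/NoFxAiOS/nofx/main/install.sh | bash
EOF
}

# Environment variables the scripts read ($NAME, ${NAME}, ${NAME:-default}),
# minus variables the scripts assign themselves and common shell variables.
env_vars_referenced() {
    refs="$(grep -rhoE '\$\{?[A-Z][A-Z0-9_]*' "$1" 2>/dev/null | sed 's/^\$[{]*//' | sort -u)"
    assigned=" $(grep -rhoE '^[[:space:]]*[A-Z][A-Z0-9_]*=' "$1" 2>/dev/null \
        | sed 's/^[[:space:]]*//; s/=$//' | sort -u | tr '\n' ' ') "
    for v in $refs; do
        case "$assigned" in *" $v "*) continue ;; esac
        case "$v" in HOME|PATH|PWD|USER|SHELL) continue ;; esac
        printf '%s\n' "$v"
    done
}

# External binaries invoked, matched against tools a registry would have to
# declare (the report names curl and jq; the rest of the list is assumed).
bins_used() {
    grep -rhoEw 'curl|jq|docker|python3?|node' "$1" 2>/dev/null | sort -u
}

# Every remote host the scripts talk to.
remote_hosts() {
    grep -rhoE 'https?://[A-Za-z0-9._-]+' "$1" 2>/dev/null | sed -E 's#https?://##' | sort -u
}

# Lines that fetch and execute remote code in one step (file:line:text).
pipe_to_shell() {
    grep -rnE 'curl[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba)?sh' "$1" 2>/dev/null
}

# Compare findings with what the metadata declares. $2 is the declared env
# var list and $3 the declared binaries, both space separated (empty for this
# skill). Prints each undeclared item and returns 1 if there are any.
undeclared() {
    dir="$1"; declared_env=" $2 "; declared_bins=" $3 "
    rc=0
    for v in $(env_vars_referenced "$dir"); do
        case "$declared_env" in *" $v "*) ;; *) printf 'undeclared env: %s\n' "$v"; rc=1 ;; esac
    done
    for b in $(bins_used "$dir"); do
        case "$declared_bins" in *" $b "*) ;; *) printf 'undeclared binary: %s\n' "$b"; rc=1 ;; esac
    done
    return $rc
}

# Demo on the constructed sample: lists the curl | bash line, then the
# undeclared env vars (NOFX_API_KEY, NOFX_CONFIG) and binaries (curl, jq).
demo_dir="$(mktemp -d)"
write_sample_skill "$demo_dir"
pipe_to_shell "$demo_dir"
undeclared "$demo_dir" "" "" || echo "registry metadata does not match shipped scripts"
```

Point it at the unpacked skill directory in place of the constructed sample; `remote_hosts` gives the endpoint list to compare with the report's nofxos.ai and GitHub mentions, and the `undeclared` arguments are whatever the registry metadata actually lists.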
Persistence & Privilege
ok
The skill is not always-included and does not request elevated platform privileges. It does not claim to modify other skills or system-wide settings. Autonomous invocation is enabled (the platform default), which increases the blast radius if the skill is granted secrets; that combination with the concerns above is why caution is recommended.