Skill v1.0.1

ClawScan security

Token Profiler · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 2, 2026, 6:22 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only wrapper that simply calls a third‑party token-aggregation API and its declared requirements match its stated purpose, but you should consider privacy and trust of the unknown external host before using it with sensitive queries.
Guidance
This skill appears internally consistent: it just calls a third-party API and returns JSON. Before installing, consider:
(1) Trust and privacy: the endpoint (verdictswarm-production-7460.up.railway.app) is hosted on Railway and the skill has no homepage or source link, so you don't know who will receive token queries or how logs are stored; avoid sending any private keys, wallet seeds, or other secrets (the skill does not request them, but the endpoint will see whatever you send).
(2) Data sensitivity: queries with internal or non-public addresses could be logged by the service; test with public tokens first.
(3) Availability and limits: the skill advertises a free tier with limits; confirm rate and SLA if you rely on it.
(4) If you need stronger guarantees, request the skill author/source code or use an audited provider or self-hosted aggregator.
If you want me to, I can attempt to fetch the endpoint's TLS/WHOIS info or suggest alternative, audited token-data providers.
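The egress check that guidance items (1) and (2) describe, written out as an added example; it is not part of the ClawScan report or of the skill it reviews. It assumes the agent runtime lets you inspect the URL (and any body) of a request before the skill sends it. The declared host is the one named in the report; the helper names (check_outbound, looks_like_secret) and the secret-shape patterns are illustrative choices, not anything the skill or platform defines.

```python
"""Outbound guard for an instruction-only skill that calls one declared HTTPS endpoint.

Added example, not code from the ClawScan report or from the skill it reviews.
Assumes the agent runtime lets you inspect each request before it is sent; the
declared host comes from the report, the helper names and patterns are illustrative.
"""
import re
from typing import Tuple
from urllib.parse import parse_qsl, urlsplit

# The only host the SKILL.md tells the agent to contact (taken from the scan report).
DECLARED_HOST = "verdictswarm-production-7460.up.railway.app"

# 32 bytes of hex, optionally 0x-prefixed: the shape of a raw private key. A 32-byte
# transaction hash has the same shape and is blocked as well (deliberately conservative).
# A token address is 20 bytes (40 hex chars), so it is shorter and passes; that is the
# input the skill legitimately sends.
HEX_PRIVATE_KEY = re.compile(r"(?<![0-9a-fA-F])(?:0x)?[0-9a-fA-F]{64}(?![0-9a-fA-F])")

# Twelve consecutive lowercase words of 3-8 letters: the shape of a BIP-39 seed phrase.
# A 24-word phrase contains such a run, so one pattern covers both lengths.
MNEMONIC_LIKE = re.compile(r"(?<![a-z])(?:[a-z]{3,8} ){11}[a-z]{3,8}(?![a-z])")


def looks_like_secret(value: str) -> bool:
    """True if a value has the shape of a private key or seed phrase."""
    v = value.strip()
    return bool(HEX_PRIVATE_KEY.search(v) or MNEMONIC_LIKE.search(v.lower()))


def check_outbound(url: str, body: str = "") -> Tuple[bool, str]:
    """Decide whether one request the skill wants to make may leave the agent.

    Returns (allowed, reason). Denies anything that is not HTTPS to exactly the
    declared host, and anything whose path, query or body carries a secret-shaped value.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} is not https"
    # urlsplit().hostname strips userinfo and port, so "declared-host@evil.example"
    # resolves to "evil.example", and a look-alike suffix never equals the declared host.
    host = (parts.hostname or "").lower()
    if host != DECLARED_HOST:
        return False, f"host {host!r} is not the declared endpoint"
    # Everything user-controlled that will reach the endpoint: query values, path
    # segments and the request body, if any.
    candidates = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    candidates += [seg for seg in parts.path.split("/") if seg]
    if body:
        candidates.append(body)
    for value in candidates:
        if looks_like_secret(value):
            return False, "request carries something shaped like a private key or seed phrase"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: a legitimate token lookup, a userinfo host trick,
    # and a query that smuggles a seed phrase.
    for u in (
        "https://verdictswarm-production-7460.up.railway.app/token?q=0xdAC17F958D2ee523a2206206994597C13D831ec7",
        "https://verdictswarm-production-7460.up.railway.app@evil.example/token?q=USDC",
        "https://verdictswarm-production-7460.up.railway.app/token?q=" + "+".join(["abandon"] * 11 + ["about"]),
    ):
        print(u, "->", check_outbound(u))
```

The host comparison is an exact match on the parsed hostname rather than a substring or suffix test, which is what defeats look-alike domains and user@host tricks. The secret detection is shape-based and intentionally over-blocks: a 32-byte transaction hash or any run of twelve short lowercase words is refused, which is the right trade-off for an endpoint whose operator and logging you cannot verify.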

Review Dimensions

Purpose & Capability
ok · The name/description promise (aggregate CoinGecko, DexScreener, GoPlus, on-chain) aligns with the SKILL.md: the agent is instructed to call a single network endpoint which claims to provide those aggregated fields. No unrelated binaries, env vars, or install steps are requested.
Instruction Scope
note · Runtime instructions only tell the agent to call the specified HTTPS endpoint with a token address or name and return JSON. This stays within the advertised scope, but it does instruct the agent to transmit user-provided token identifiers to an external service (verdictswarm-production-7460.up.railway.app), which has privacy implications.
Install Mechanism
ok · There is no install spec or code to download, the lowest-risk model for code execution. The skill is instruction-only and relies on outbound network access to the declared endpoint.
Credentials
ok · The skill requests no environment variables, no credentials, and no config paths. That is proportional to its purpose (a plain network API call).
Persistence & Privilege
ok · The always flag is false and the skill does not request persistent system presence or modify other skills. Autonomous invocation is permitted (platform default) but not combined with other elevated privileges.