Skillv1.0.0

ClawScan security

Meme Signal Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 20, 2026, 9:43 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions align with a meme-coin scanner (public API calls, scoring), but it contains underspecified behaviors — notably
Guidance: This skill mostly does what it says: it polls public crypto APIs and scores tokens. However, before installing, ask the author to clarify two things: (1) Where and how are "strong signals" reported to the creator (what endpoint or channel), and will any credentials or webhooks be needed? (2) What does 'Powered by Lobster Signal API' mean — is data sent to an external service, and if so, what data is transmitted and retained? Also confirm how the 5‑minute polling is implemented (agent-internal schedule or external runner). If you cannot get clear answers, treat the skill as risky because it could send data externally without declaring how.

Review Dimensions

Purpose & Capability: noteName/description match the instructions: it polls public crypto analytics endpoints and scores tokens. No unexpected binaries, installs, or credentials are requested, which is proportionate to the stated purpose.
Instruction Scope: concernInstructions are explicit about fetching public APIs and scoring, but they also say 'Report strong signals to creator' and 'Built by/Powered by Lobster Signal API' without specifying how reports are delivered or what external endpoint is used. The workflow also prescribes a 5-minute polling schedule and 24h in-memory retention — acceptable technically but the spec doesn't declare how periodic execution or outbound reporting will actually occur.
Install Mechanism: okInstruction-only skill with no install steps or external downloads. This is the lowest-risk install model and consistent with the content.
Credentials: concernThe skill requests no environment variables or credentials, yet claims a 'Lobster Signal API' and asks to report signals to the creator. If an external push/report mechanism is intended, credentials or a webhook URL would normally be required; their absence is unexplained and could hide implicit exfiltration instructions embedded elsewhere at runtime.
Persistence & Privilege: noteRegistry-level flags show no forced always-on privilege. The SKILL.md contains 'auto-activate: true' and multiple triggers — this suggests the skill may try to auto-activate when matching queries, but it does not request system-level persistence or platform-wide overrides. Clarify whether 'auto-activate' is enforced by the platform or only informational.