Back to skill
Skillv0.1.4
ClawScan security
Xerolite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 4:42 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, environment requirements, and instructions are coherent with its stated purpose (calling Xerolite agentic endpoints to place orders, search contracts, and fetch portfolio); it requests a single API key and uses node to send HTTP requests — nothing appears unrelated or deceptive.
- Guidance
- This skill appears to do exactly what it claims: send orders and queries to a Xerolite agent via HTTP using XEROLITE_AGENTIC_API_KEY. Before installing: 1) Only provide a dedicated API key with minimal permissions (prefer a paper/trading-limited key if available). 2) Verify and set XEROLITE_API_URL to your trusted Xerolite host (do not leave it pointing at an unknown public URL). 3) Be aware verbose logging will show partial API-key fragments (avoid enabling in shared logs). 4) Because the skill can place real trades and the agent may invoke it autonomously, consider disabling autonomous agent actions for trading or require explicit confirmations. 5) Test against a local/paper environment first to confirm behavior.
Review Dimensions
- Purpose & Capability
- okName/description (Xerolite bridge to IBKR) matches the files and runtime behavior: the CLI sends POST requests to Xerolite agentic endpoints to place orders, search contracts, and get portfolio. Required binary (node) and required env var (XEROLITE_AGENTIC_API_KEY) are appropriate for this purpose.
- Instruction Scope
- okSKILL.md and the CLI script limit actions to constructing JSON bodies and POSTing to the documented /api/agentic/* endpoints. The instructions don't read unrelated files or request other credentials. Network calls to the configured Xerolite base URL are expected for this functionality.
- Install Mechanism
- okThis is an instruction-only skill with an included Node CLI file; there is no install spec or remote download. Nothing is written to disk by an installer step, so install risk is low.
- Credentials
- noteOnly one required secret (XEROLITE_AGENTIC_API_KEY) is requested, which is proportional. Minor notes: XEROLITE_API_URL can point to any host (defaults to http://localhost) — if set to a malicious URL the API key and requests could be sent elsewhere. Verbose logging masks the key but reveals first/last characters, which could leak in shared logs. Consider restricting the API key scope and carefully configuring XEROLITE_API_URL.
- Persistence & Privilege
- notealways:false (no force-install) and the skill is user-invocable. Model invocation is not disabled, so the agent could call the skill autonomously. This is expected for skills but increases impact because the skill can place trades; consider requiring explicit user confirmation or limiting agent autonomy for trading actions.