Back to skill
Skillv1.0.0
ClawScan security
Toobit Trading · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 13, 2026, 2:55 AM
- Verdict
- Review
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's behavior matches a Toobit trading assistant, but the package metadata fails to declare the sensitive credentials and required tools the runtime instructions clearly need — that mismatch and the ability to execute signed trading/withdrawal calls are concerning.
- Guidance
- This skill appears to be a legitimate Toobit API adapter, but the package metadata is missing declarations for the API key/secret and needed binaries (curl/openssl/awk). Before installing: (1) only provide API credentials with the minimal permissions required (create a key that disables withdrawals and restricts trading if you only need read or trade functions); (2) verify the skill owner/source (homepage is missing) and consider trusting only well-known authors; (3) confirm the agent actually prompts for and requires explicit, user-driven confirmation for any write or withdraw actions (don't rely solely on the SKILL.md wording); (4) prefer creating and using scoped keys or a read-only key for market queries; (5) treat environment variables with secrets carefully (set them in a secure location, avoid sharing them with untrusted agents). The main red flag is the metadata omission of sensitive env vars — that inconsistency is why this is suspicious rather than benign.
- Findings
[no_code_files_instruction_only] expected: The scanner had no code files to analyze; this is expected for an instruction-only API adapter. Security-relevant behavior is expressed in SKILL.md rather than code.
Review Dimensions
- Purpose & Capability
- noteThe SKILL.md describes a Toobit trading assistant (market queries, spot/futures trading, wallet management) and the instructions show exactly the API endpoints you would expect. Requesting an API key and secret for signed calls is coherent with the described purpose. However, the registry metadata declares no required environment variables or binaries even though the runtime instructions require TOOBIT_API_KEY and TOOBIT_API_SECRET and call out curl/openssl/awk usage — this omission is an inconsistency.
- Instruction Scope
- okThe SKILL.md confines actions to Toobit API calls and separates read-only, write, and high-risk (withdraw) operations. It prescribes showing parameters and prompting for confirmation before write/high-risk actions. It does not instruct reading unrelated files or exfiltrating arbitrary system data.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk. That reduces supply-chain risk.
- Credentials
- concernThe SKILL.md explicitly relies on two sensitive environment variables (TOOBIT_API_KEY and TOOBIT_API_SECRET) for signing requests, but the skill's registry metadata lists no required env vars or primary credential. Also the instructions assume availability of curl, openssl, and awk but the metadata lists no required binaries. Requiring full API key/secret is appropriate for trading, but the metadata omission and lack of guidance about recommended key permission scopes (for example, recommending disabling withdrawals) are concerning because a provided secret could enable withdrawals or full account control if misused.
- Persistence & Privilege
- noteThe skill is not always-enabled and does not request elevated/persistent platform privileges. However, because it enables signed trading and withdrawal calls, users must be careful: autonomous agent invocation (the platform default) combined with a high-permission API key increases risk if confirmation enforcement is imperfect. The SKILL.md requires confirmations, but enforcement depends on the agent implementation and user review.