Skill v1.0.0

ClawScan security

Venus Agent Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 2:55 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements are coherent for a Venus (BNB Chain) risk-analysis + optional execution tool; it defaults to simulation/read-only but includes explicit broadcast flows that require a user private key and confirmation.
Guidance
This package appears to do what it claims: market reads, on‑chain wallet exposure checks, conservative risk scoring, and optional transaction helpers. Important things to consider before installing or running:
1) Default mode is simulate/read-only — always run simulate/preview first.
2) Broadcast actions require you to supply a private key and --confirm YES; avoid passing private keys on the command line (they can appear in process lists and shell history). Prefer using a secure signer (hardware wallet, ephemeral node signer) or a protected key file.
3) Verify RPC and API endpoints before use (defaults are public BNB dataseed and api.venus.io); do not point the scripts to an untrusted RPC or API.
4) Review/verify contract addresses in references (pool-filter.json and references JSON) against official sources.
5) If you intend to let an agent invoke this autonomously, restrict that capability or require explicit human confirmation for any broadcast step.
If you want a deeper check, request an audit of the transaction broadcast code paths (node scripts that call wallet.signer) and of wallet_onchain_exposure.py to confirm no unexpected network calls or data exfiltration.

Review Dimensions

Purpose & Capability
ok
The name/description (Venus Protocol risk-first analysis on BNB Chain) matches the included scripts and references: market fetchers, wallet on‑chain readers, health simulators, and explicit deposit/withdraw/borrow/collateral execution helpers. The presence of both analysis (read-only) and execution (broadcast) scripts is documented in SKILL.md and the code; this is coherent with the stated purpose of providing both risk checks and execution planning.
Instruction Scope
note
SKILL.md confines runtime behavior to the listed scripts, uses official Venus API and BNB RPC endpoints by default, and requires explicit confirmation for broadcast transactions. This stays within the stated scope. Note: execution-capable scripts accept a private key and can sign/broadcast transactions when run with --mode broadcast and --confirm YES — the skill warns about this, but users should treat broadcast capability as sensitive and follow the guardrails (simulate first, explicit confirm).
Install Mechanism
ok
Instruction-only skill with no install spec; included scripts are plain Python/Node files. Nothing is downloaded from arbitrary URLs during install. No archive/extract installs or remote installers were found in the manifest.
Credentials
note
The skill requests no environment variables or built-in credentials, which is proportionate. However, multiple scripts accept a raw private key via CLI arguments to perform broadcasts. Passing private keys on the CLI can leak to process listings and shell history; while this pattern matches typical CLI crypto tooling, it is a sensitive design choice the user should treat carefully (prefer ephemeral signers, hardware wallets, or protected key files).
Persistence & Privilege
ok
The skill does not request persistent or privileged platform flags (always:false). It does not attempt to modify other skills or global agent settings. Autonomous invocation is allowed by default but is not combined with other high-risk factors here.