Skill v1.0.0

ClawScan security

crypto-research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 25, 2026, 10:26 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
Skill appears to implement crypto market monitoring as described, but it embeds an undeclared hard-coded API key and references undeclared external tools/endpoints—these inconsistencies warrant caution before use.
Guidance
This skill largely does what it claims (calls Binance and formats crypto research), but it includes an undeclared hard-coded API key and references undeclared external tools (jin10, QVeris) and a Telegram bot. Before installing or using it:
(1) Do not assume the embedded ARKM key is safe—treat it as a leaked/third-party credential and remove it or replace it with your own key provided via a secure env var;
(2) Ask the publisher for source/homepage and an explanation for the embedded key and for details on the referenced tools;
(3) If you need monitoring/alerts, confirm exactly which endpoints and external services will be contacted and whether any user data will be transmitted;
(4) Run the scripts in a sandboxed environment first and inspect network calls (they currently only curl Binance endpoints, which is expected);
(5) Prefer replacing hard-coded secrets with declared required env vars and documented configuration;
(6) If you cannot verify the author or purpose of the embedded key and external references, avoid giving the skill autonomous monitoring privileges or installing it in production systems.
Findings
[HARD_CODED_API_KEY] unexpected: SKILL.md includes an inline API key for 'ARKM API': e77c4a5d-f752-4a49-a49e-503970893e37. A research skill should not embed third-party credentials; the correct pattern is to require the user to supply their own API key via a declared environment variable or secret store.

Review Dimensions

Purpose & Capability
concern: The skill's name/description (crypto research, daily reports, BTC/ETH monitoring) aligns with the included scripts that query Binance. However, the SKILL.md lists an ARKM API key (e77c4a5d-f752-4a49-a49e-503970893e37) inline and references external data sources/tools (jin10 via web_fetch and a 'QVeris skill tool' (QVeris skill工具)) that are not declared in metadata or requires.env. Embedding an API key in the instructions and referring to other skills/tools without declaring dependencies is disproportionate and unexpected for a straightforward research skill.
Instruction Scope
concern: Instructions are explicit about fetching Binance endpoints (fine) and about producing reports. But they also (a) include a hard-coded ARKM API key in the data-source table, (b) use an unspecified 'web_fetch' for jin10 and an external 'QVeris' tool, and (c) reference a Telegram source (@MEcapital_bot). The SKILL.md gives the agent latitude to 'proactively alert' (主动提醒) when important info is found (implying monitoring/alerting) but offers no constraints or declaration of what data may be accessed/transmitted. The included scripts themselves only call Binance endpoints and are consistent with the stated purpose.
Install Mechanism
ok: No install spec; instruction-only with two small bash scripts. No downloads, package installs, or archive extraction. This is low-risk from an install mechanism perspective.
Credentials
concern: The skill declares no required environment variables or credentials, yet contains a clear hard-coded API key inside SKILL.md. That key is a secret-sized string (it looks like an API token) and is not justified in metadata or scope. The presence of an embedded credential is disproportionate (the skill should either require the user to provide credentials or omit them). Additionally, references to other external services/tools are undeclared (no env vars are described for jin10, QVeris, or Telegram access).
Persistence & Privilege
ok: always:false and no install spec means the skill doesn't request permanent/system-level presence. It does not modify other skills or global agent config in the provided files. Autonomous invocation is allowed (platform default) but is not combined with other high privileges here.