Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bou Wallet
v1.0.0
Use this skill when an external agent already has an agent API key and needs to call this backend directly with curl for three capability groups: (1) `POST /...
by C9 @0xcipher0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The SKILL.md describes a wallet/trading proxy and curl patterns for three clearly related capability groups (pay-and-call, agent/me, hyperliquid). That purpose aligns with the runtime instructions. However, the registry metadata lists no required environment variables or primary credential, while the instructions explicitly require an AGENT_KEY and BASE_URL. Also, there is no homepage or vendor information (source unknown), which reduces provenance and accountability.
Instruction Scope
Instructions ask the agent/operator to construct and send arbitrary upstream URLs to POST /agent/pay-and-call, which intentionally forwards requests to third-party URLs. That is functional for the described purpose but is also a broad capability: it allows the backend to fetch arbitrary endpoints (potential SSRF/internal endpoint access) and could be used to relay or exfiltrate data. The SKILL.md does instruct to treat the AGENT_KEY as secret and not to store it, which is good, but the forwarding capability and lack of guardrails in the instructions are concerning.
Install Mechanism
Instruction-only skill with no install steps and no code files — nothing is written to disk by the skill package itself. This is the lowest install risk.
Credentials
The skill legitimately needs an agent bearer key (AGENT_KEY) and a BASE_URL to operate; no other credentials are requested. However, the registry metadata did not declare these required env values or a primary credential, creating a mismatch between declared requirements and actual runtime needs. The user must provide a secret bearer token when using the skill.
Persistence & Privilege
`always` is false and the skill does not request persistent presence or system-wide config changes. It is user-invocable and may be invoked autonomously by the agent (default platform behavior), but it does not request elevated platform privileges.
What to consider before installing
Things to consider before installing/using this skill:
- Provenance: the skill has no homepage or publisher info and the source is unknown. Prefer skills with verifiable vendor/docs.
- Secret handling: the skill requires you to supply an AGENT_KEY (ak_...). Only use a key with minimal scope and lifetime. Never paste the key into public chat or commit it to repos.
- Backend trust: this skill causes the backend to forward arbitrary upstream URLs (pay-and-call). Confirm with the backend operator that they block requests to internal IP ranges and other sensitive endpoints to prevent SSRF or unauthorized internal-network access.
- Payment and limits: the backend pays upstream requests from the agent's USDC balance. Verify how billing is enforced and whether your key can be limited to avoid unexpected charges.
- Test safely: use a throwaway or test agent key and the provided test endpoints before using real funds or production keys.
- Metadata mismatch: the registry metadata doesn't declare AGENT_KEY or BASE_URL — ask the skill author/registry to update metadata so required credentials are explicit.
If you cannot verify the backend operator or the skill's origin, avoid installing or using it with production credentials or funds.