Search For Service

Review: Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly a straightforward marketplace search tool, but its endpoint-inspection command may send state-changing HTTP methods like DELETE or PATCH to a supplied URL.

This skill is reasonable for browsing the x402 marketplace, but be careful with the endpoint details command. Only use it on trusted x402 URLs, because it may probe with HTTP methods that can change server state. Also note that it runs an external npm CLI via npx with the @latest tag, so the executed code is not version-pinned.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or malicious URL could receive unintended non-read-only requests, potentially changing or deleting data on a service that accepts those methods without first returning a payment challenge.

Why it was flagged

The command may send state-changing HTTP methods such as DELETE, PATCH, or PUT to a user-supplied endpoint while probing for x402 payment requirements. The artifact does not describe a confirmation step, safe-method restriction, or containment if the URL is not actually an x402 endpoint.

Skill content

Auto-detects the correct HTTP method (GET, POST, PUT, DELETE, PATCH) by trying each until it gets a 402 response

Recommendation

Use the details command only for known x402 endpoints, ask for explicit user confirmation before probing arbitrary URLs, and prefer tooling that lets the user specify a safe method instead of automatically trying DELETE/PATCH/PUT.

What this means

The behavior of the CLI could change when the npm package updates, even if the skill artifact stays the same.

Why it was flagged

The skill invokes an external npm package through npx using the @latest tag, so the executed code is not pinned to a reviewed version. This is disclosed and purpose-aligned, but it is still a supply-chain consideration.

Skill content

allowed-tools: ["Bash(npx awal@latest x402 bazaar *)", "Bash(npx awal@latest x402 details *)"]

Recommendation

Prefer a pinned package version or review the npm package provenance before using this skill in sensitive environments.