Skill v1.0.0
ClawScan security
Shadow Number · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 24, 2026, 4:34 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions largely match its stated purpose (buy disposable numbers and deliver OTPs) but contain ambiguous payment behavior, a mismatch between declared metadata and SKILL.md, and ask for a wallet secret that could enable financial actions to an untrusted third party.
- Guidance: This skill appears to do what it says (buy temporary phone numbers and return OTPs) but has several red flags you should consider before installing: (1) SKILL.md requires SHADOW_WALLET_KEY — a sensitive wallet secret that would enable automated on-chain payments; only provide such a key if you fully trust the service and process. (2) The registry metadata omitted the required env var, an inconsistency that could indicate sloppy or deceptive packaging — ask the author to clarify exactly what credentials are needed and how they're used. (3) The API endpoint is a third-party Railway app (not a well-known vendor); OTPs and payment interactions will flow through that server. If you proceed, use a dedicated ephemeral wallet funded with only a tiny amount, audit any outgoing transactions, and avoid using your primary keys. Also consider legal/terms-of-service issues: using disposable numbers to bypass phone verification may violate target sites' terms or laws. If you need this functionality for legitimate testing, request more transparency from the publisher (source code, payment flow description, privacy policy) before supplying any secrets.
Review Dimensions
- Purpose & Capability (concern): The skill claims to purchase temporary phone numbers and automatically handle an x402 crypto payment. That purpose reasonably explains requiring a wallet credential. However the registry metadata reported no required env vars while the SKILL.md declares SHADOW_WALLET_KEY — an inconsistency. The API endpoint is a third-party Railway app (extraordinary-charisma-production.up.railway.app), not a known vendor, which raises trust questions about where payments and OTP data are routed.
- Instruction Scope (concern): Instructions explicitly tell the agent to call the external API to buy numbers, poll for OTPs, and to navigate/enter data in a browser — all within the stated purpose. However the payment flow is vague: SKILL.md asserts "your agent wallet will automatically pay ~$0.10 USDC on Base when the server returns HTTP 402" but gives no concrete steps, endpoints, or clear guidance on how the SHADOW_WALLET_KEY is used. That ambiguity could lead to unintended transmission or misuse of a wallet key or automated payments.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer. This is low-risk from an installation perspective.
- Credentials (concern): SKILL.md requires a single env secret, SHADOW_WALLET_KEY, to enable automated payments. That is potentially proportionate to paying for numbers, but it's a high-risk credential (can enable on-chain payments). The registry metadata not listing any required env vars is an inconsistency. The SKILL.md also hardcodes the API URL (not declared as configurable), meaning all sensitive actions go through an unreviewed third-party service.
- Persistence & Privilege (ok): The skill does not request always:true, has no install, and does not modify other skills or system-wide settings. Autonomous invocation is allowed (the platform default) — combined with the wallet access this increases blast radius, but on its own is expected.
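The Guidance and Instruction Scope findings describe the same exposure from two sides: the skill expects the agent to pay automatically whenever the endpoint answers HTTP 402, and the suggested mitigation is an ephemeral wallet holding a tiny balance plus an audit of every outgoing payment. The following is an added example, written for this review and not code from the Shadow Number skill, ClawHub or the x402 project, of a policy gate an agent runtime could place in front of that auto-pay step. It assumes a simplified 402 reply (a JSON body with amount, asset, network and payTo fields; the real x402 encoding differs), a hypothetical reviewed host api.example.invalid, a constructed payee address, a placeholder key value, and an HMAC as a stand-in for the wallet's real on-chain signature. What it shows: payment is released only when host, asset, network, per-call cap and cumulative cap all pass, every decision is logged, and the key itself never appears in what is sent.

```python
"""Spend-capped gate for an agent that auto-pays on HTTP 402.

Added example for this review, not the skill's or ClawHub's code. The
402 body shape, hosts, payee address and key are assumptions/placeholders;
the HMAC stands in for a real wallet signature only to show the key stays local.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Optional


@dataclass(frozen=True)
class PaymentRequest:
    host: str            # endpoint that answered 402
    amount_usd: Decimal  # price the server quoted
    asset: str           # e.g. "USDC"
    network: str         # e.g. "base"
    pay_to: str          # payee address the server quoted


@dataclass(frozen=True)
class PaymentPolicy:
    allowed_hosts: frozenset     # endpoints the operator has reviewed
    allowed_assets: frozenset
    allowed_networks: frozenset
    max_per_call_usd: Decimal    # ceiling on a single quote
    max_total_usd: Decimal       # what the ephemeral wallet was funded with


@dataclass
class PaymentGate:
    policy: PaymentPolicy
    wallet_key: bytes            # SHADOW_WALLET_KEY stand-in; never serialized
    spent_usd: Decimal = Decimal("0")
    audit_log: list = field(default_factory=list)

    def parse_402(self, host: str, status: int, body: str) -> Optional[PaymentRequest]:
        """Turn a 402 reply into a PaymentRequest; any other status means no payment."""
        if status != 402:
            return None
        quote = json.loads(body)  # assumed JSON shape, see module docstring
        return PaymentRequest(host=host, amount_usd=Decimal(str(quote["amount"])),
                              asset=str(quote["asset"]), network=str(quote["network"]),
                              pay_to=str(quote["payTo"]))

    def decide(self, req: PaymentRequest):
        """Run every policy check; the first failing check is the reason."""
        p = self.policy
        checks = [
            (req.host in p.allowed_hosts, f"host {req.host} not allowlisted"),
            (req.asset in p.allowed_assets, f"asset {req.asset} not allowed"),
            (req.network in p.allowed_networks, f"network {req.network} not allowed"),
            (req.amount_usd <= p.max_per_call_usd, f"quote {req.amount_usd} exceeds per-call cap"),
            (self.spent_usd + req.amount_usd <= p.max_total_usd, "cumulative cap reached"),
        ]
        for ok, reason in checks:
            if not ok:
                return False, reason
        return True, "ok"

    def authorize(self, req: Optional[PaymentRequest]) -> Optional[dict]:
        """Return the payment payload to send, or None when the gate refuses.
        Every decision, allowed or not, is appended to audit_log for later review."""
        if req is None:
            return None
        ok, reason = self.decide(req)
        self.audit_log.append({"host": req.host, "pay_to": req.pay_to,
                               "amount_usd": str(req.amount_usd), "allowed": ok, "reason": reason})
        if not ok:
            return None
        self.spent_usd += req.amount_usd
        payload = {"payTo": req.pay_to, "amount": str(req.amount_usd),
                   "asset": req.asset, "network": req.network}
        canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
        # HMAC stand-in for the wallet's signature: the key is used here and
        # nowhere else; only the resulting signature travels to the server.
        payload["signature"] = hmac.new(self.wallet_key, canonical, hashlib.sha256).hexdigest()
        return payload


def make_gate() -> PaymentGate:
    """Gate configured as the guidance suggests: one reviewed host, USDC on Base
    only, a per-call ceiling, and a total budget equal to a tiny wallet balance."""
    policy = PaymentPolicy(allowed_hosts=frozenset({"api.example.invalid"}),  # hypothetical host
                           allowed_assets=frozenset({"USDC"}), allowed_networks=frozenset({"base"}),
                           max_per_call_usd=Decimal("0.25"), max_total_usd=Decimal("0.50"))
    return PaymentGate(policy=policy, wallet_key=b"placeholder-ephemeral-key")  # placeholder key


def quote_body(amount: str) -> str:
    """Constructed 402 body in the assumed shape, priced like the skill's ~$0.10."""
    return json.dumps({"amount": amount, "asset": "USDC", "network": "base",
                       "payTo": "0x" + "ab" * 20})  # constructed payee address


def demo() -> PaymentGate:
    """Replay a sequence of constructed 402 replies and return the gate with its audit log."""
    gate = make_gate()
    gate.authorize(gate.parse_402("api.example.invalid", 402, quote_body("0.10")))    # allowed
    gate.authorize(gate.parse_402("other.example.invalid", 402, quote_body("0.10")))  # host refused
    gate.authorize(gate.parse_402("api.example.invalid", 402, quote_body("5.00")))    # inflated quote refused
    for _ in range(5):  # budget of 0.50 allows four more 0.10 quotes, then refuses
        gate.authorize(gate.parse_402("api.example.invalid", 402, quote_body("0.10")))
    return gate
```

The cumulative cap is the control that matters most against a server that returns a plausible price on every call: once the funded amount is spent the gate refuses regardless of the quote, which is the budget an ephemeral wallet would enforce on-chain anyway, applied one step earlier and with a log entry per decision.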
