Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawAPI Manager
v1.1.2OpenClaw-native API management and cost optimization. Multi-provider key management, real-time monitoring, smart routing, and automated failover.
⭐ 0· 506·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description claim a multi-provider API key manager and cost optimizer, and included code (key rotation, cost monitor, notifier, config manager, smart router) is consistent with that purpose. However the package metadata declares no required environment variables or primary credential while multiple scripts explicitly source a config/.env and expect provider keys and webhook tokens. Also SKILL.md tells users to pip install -r requirements.txt but no requirements.txt appears in the provided manifest — an incoherence between claimed install steps and included files.
Instruction Scope
Runtime instructions (SKILL.md) instruct cloning from GitHub and running Python scripts and editing config files, which is expected. But SKILL.md omits mention of the config/.env file that many shell scripts source; scripts assume access to ~/.openclaw/logs and backups and run commands like openclaw gateway restart and clawhub list. Several components will read/write global OpenClaw config paths (backups, ~/.openclaw) and require full API keys; the instructions give the agent broad permission to read and modify sensitive local config without declaring those needs.
Install Mechanism
There is no formal install spec in registry metadata (instruction-only), but the SKILL.md instructs running git clone and pip install -r requirements.txt. The repository bundle provided contains many scripts and an install.sh, but requirements.txt is not present in the manifest — this mismatch is suspicious and means the documented install steps may fail or hide additional installation behaviors. Because there is an install.sh present, a user should review its contents before executing any install commands.
Credentials
Registry fields list no required env vars, yet many scripts source config/.env and reference variables like TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, QUOTA_CRITICAL_THRESHOLD, COST_BUDGET_THRESHOLD and provider API keys. The skill will therefore require sensitive credentials to operate (API keys, webhook tokens) but doesn't declare them. The skill also reads/writes global OpenClaw config and logs (which may contain other credentials) — broader access than the metadata suggests.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). But the code includes backup/restore and direct writes to OpenClaw config paths; central management utilities (config_manager) imply it will modify core OpenClaw files (backups, main config). That means it can change system-wide configuration and stored API keys — a significant level of privilege. This is expected for a key-management tool but should be explicitly documented and surfaced in the registry metadata (it is not).
What to consider before installing
This package appears to implement an API key manager and cost monitor, but there are several red flags you should address before installing or running it:
- Do not run install.sh or pip commands without reviewing them. The SKILL.md references pip install -r requirements.txt, but requirements.txt is not in the bundle — confirm what dependencies are required.
- Inspect lib/config_manager.py and lib/key_rotation.py (and any code that touches backups or ~/.openclaw) to confirm where API keys are stored, whether they are encrypted before being transmitted or uploaded, and whether any remote endpoints receive keys.
- Look for any code that posts keys or configs to external servers. The notifier scripts send messages to Telegram/webhooks (expected), but verify they don't send secrets elsewhere.
- Confirm the exact filesystem paths the skill will modify (config/.env, ~/.openclaw/openclaw.json, ~/.openclaw/backups, logs) and back up those files before experimenting.
- If you plan to try it, run it in a sandboxed or isolated environment (non-production machine or container) and provide only test API keys with limited privileges.
- Ask the publisher for provenance: where is the canonical source repo, who maintains it, and why registry metadata lists Source: unknown. If provenance can't be verified, treat the package as untrusted.
If you want, I can: (1) list the specific files/functions to inspect for remote network calls and key handling, (2) search the full code for any outbound network endpoints, or (3) draft a short checklist of lines to review in config_manager.py and key_rotation.py to assess exfiltration risk.Like a lobster shell, security has layers — review code before you run it.
latestvk9790k9f5fh5hwt84jdt5n4xx1825g77
License
MIT-0
Free to use, modify, and redistribute. No attribution required.