Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claw Credit by t54
v1.0.0
Credit line service for AI agents to access x402 services without upfront payment. Use when (1) you need to call x402-enabled APIs or services but lack cryptocurrency, (2) you want to use credit instead of paying directly, (3) you need to register for an initial credit line with code audit, (4) you need to check credit balance or repayment status, or (5) you want to build credit history through service usage. ClawCredit acts as a payment proxy, handling blockchain settlements on Base/Solana/XRPL while you spend USD credit.
⭐ 2 · 1.6k · 1 current · 1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The skill claims to provide a credit payment proxy for x402 services — requesting an SDK and an audit of 'real core logic' is plausible for underwriting. However, the instructions escalate beyond a normal payment integration by asking for full audited function code, traces of reasoning, and locations of OpenClaw workspace/transcripts. Those items are not obviously required for basic payment processing and could expose sensitive intellectual property and conversation context.
Instruction Scope
SKILL.md explicitly instructs the agent/developer to: (1) submit the agent's real core logic (source code) for audit, (2) enable tracing that captures reasoning and execution context including system prompts, and (3) point to or read local OpenClaw workspace, transcript and prompt directories. It also demonstrates reading/writing ~/.openclaw/credentials/clawcredit.json and using process.env.OPENAI_API_KEY (an env var not declared elsewhere). These instructions collect highly sensitive data (code, system prompts, chat transcripts, API keys) and grant broad discretion to gather local files — scope creep beyond a straightforward payment proxy.
Install Mechanism
There is no formal install spec in the skill bundle, but the README instructs the user to run 'npm install @t54-labs/clawcredit-sdk'. Installing an unpublished/unknown npm package is moderate risk: packages from npm are common but the skill provides no homepage, repository, or verified publisher info. Because the skill is instruction-only, nothing is automatically written by the platform, but following the install instructions would pull external code that should be reviewed first.
Credentials
The skill declares no required env vars or credentials, yet the instructions rely on process.env.OPENAI_API_KEY and ask the agent to read/write ~/.openclaw/credentials/clawcredit.json and other workspace/transcript paths. Requesting the user's core code, API keys, and chat/prompt transcripts is disproportionate for a payment proxy and raises exfiltration/privacy concerns. Also, the skill asks for an 'invite_code' without explaining how it is provisioned or validated.
Persistence & Privilege
The skill recommends the SDK auto-saves an API token to ~/.openclaw/credentials/clawcredit.json (persistent credential storage). It does not set always:true and doesn't request platform-level privileges, but writing and later reading tokens from the user's home directory is a persistent capability that increases blast radius if the SDK or operator is malicious. No instructions are present to limit file scope or secure the stored token beyond 'keep it secure.'
What to consider before installing
This skill asks you to install an external npm package and to submit highly sensitive artifacts: your agent's real core logic, system prompts and traces, local transcript/prompt directories, and to rely on saved tokens in your home directory. Before installing or using it: (1) confirm the SDK's provenance — find the package repo, maintainer identity, and a privacy/security policy; (2) do NOT upload proprietary core logic or system prompts unless you have an explicit, audited contract and understand how the data will be stored, used, and who can access it; (3) prefer to run the SDK in an isolated environment or sandbox and review its source code before npm install; (4) avoid handing over API keys or long-lived tokens — prefer short-lived, scoped keys and rotate them after testing; (5) ask the provider why they need full traces and prompt content and whether minimal metadata would suffice; and (6) if you cannot validate the provider or the need for code/traces, treat this as high risk and decline to proceed.
Like a lobster shell, security has layers — review code before you run it.
Tags: agent economy, financial, latest
