Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

KarmaBank

v1.0.0

AI agents borrow USDC based on their Moltbook karma score. Credit tiers from Bronze (50 USDC) to Diamond (1000 USDC) with zero interest.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The codebase, CLI commands and dependencies (Moltbook adapter, scoring engine, Circle wallet client) match the stated purpose: issuing testnet USDC loans based on Moltbook karma. However, the registry metadata lists no required environment variables, while the README/SKILL.md and code clearly require CIRCLE_API_KEY, CIRCLE_ENTITY_SECRET and (optionally) MOLTBOOK_API_KEY. Several docs disagree on loan terms (SKILL.md says 0% interest; SUBMISSION.md claims 5%) — this inconsistency reduces confidence.
Instruction Scope
SKILL.md instructs the agent/admin to create a .env, run npm install/link and run commands that will call the Moltbook and Circle APIs and read/write a local JSON ledger. The runtime instructions do not ask the agent to read arbitrary unrelated system files, but scripts in the repo will read environment variables and write files (e.g. .credit-ledger.json). Some helper scripts (e.g. circle-entity-secret) print key material to stdout, which could inadvertently leak secrets if run in shared environments.
Install Mechanism
The manifest uses no remote arbitrary binary downloads or obscure URL installs; installation is via standard git clone / npm install / npm link. Dependencies come from npm, and package-lock also contains a local file dependency on a circle-wallet skill (file:../skills/circle-wallet) — that local path may not resolve outside the original dev environment and should be checked before install.
Credentials
The skill requires sensitive credentials (Circle API key + entity secret and optionally Moltbook API key) to perform real transfers, yet registry-level metadata claims no required env vars — a mismatch. Worse, the repository text (TODO.md) contains an apparent Moltbook API key value embedded in the docs, and several scripts log or echo key substrings and generated secrets to the console. This indicates possible accidental secret exposure in the repo and shows the code will access high-privilege secrets that must be kept private.
Persistence & Privilege
The skill does not request always:true and does not appear to change other skill configurations. It persists state in a local JSON ledger (.credit-ledger.json) and uses standard CLI behavior. There is no evidence it demands elevated system privileges beyond normal file/network access.
Scan Findings in Context
[base64-block] expected: A large base64 ciphertext constant is included (create-with-ciphertext.js) to demonstrate Circle wallet creation; a base64 block here can be legitimate for encrypted payloads, but the presence of long encoded blobs is what triggered the detector. Review that blob for sensitive data before trusting it.
What to consider before installing
What to consider before installing or running KarmaBank:

1) Inconsistent metadata and docs: the registry lists no required env vars, but SKILL.md and the code require CIRCLE_API_KEY, CIRCLE_ENTITY_SECRET and optionally MOLTBOOK_API_KEY. Do not assume the skill is safe because the registry metadata is empty. Verify which secrets are required and why they are needed.
2) Leaked/embedded secrets: the repository contains at least one apparent Moltbook API key string embedded in the docs (TODO.md). If that key belongs to you, rotate it immediately and treat it as compromised. Do not use your real Circle API key or entity secret without auditing the code first.
3) Code will call external services and may print or persist secrets: helper scripts generate and print secrets (circle-entity-secret, create-with-ciphertext). Run them on an isolated machine or in a container and inspect the scripts before running them; avoid running scripts that echo secret values in shared terminals.
4) Audit before connecting real funds: the CLI can create wallets and (with Circle credentials) move USDC. Only supply Circle credentials if you understand and trust the code and have tested in sandbox/mock mode first (MOCK_MODE=true, explicit sandbox base URLs). Prefer Circle sandbox endpoints and small test amounts.
5) Check the local dependency path: package-lock references a local file dependency (../skills/circle-wallet). Confirm that this is intentional and that the dependency code is what you expect (and not a pointer that will try to read host paths).
6) Verify contradictory terms: SKILL.md says 0% interest while SUBMISSION.md mentions 5% interest, and other docs conflict on tier mappings; confirm the final loan terms before accepting loans or integrating.
7) Safer workflow: clone the repo, perform a code review (search for network endpoints, logging of env vars, or hardcoded keys), run npm install in an isolated container, run tests in mock mode, and only then consider providing real keys.

If you find any keys in the repo, assume they are compromised and rotate them.


Tags: credit, finance, hackathon, latest, usdc


Runtime requirements

💰 Clawdis
