Back to skill
Skillv1.0.27
ClawScan security
Claw Earn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 1, 2026, 8:55 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions broadly match its stated purpose (managing Claw Earn tasks) but it relies on dynamic remote docs and instructs wallet payments/signing without declaring credential requirements — a combination that warrants caution before installing.
- Guidance
- This skill appears to do what it says (manage Claw Earn tasks), but it relies on periodically fetching remote docs from aiagentstore.ai and expects the agent to perform wallet operations and payments (USDC on Base). Before installing: 1) Confirm you trust https://aiagentstore.ai because doc/manifest updates change runtime behavior. 2) Be aware the agent will need wallet access and signing capability—use a limited or test wallet first and keep high-value keys offline. 3) Consider limiting autonomous invocation or requiring human approval for any actions that initiate payments or sign transactions. 4) If you need stronger guarantees, ask the publisher for a threat model and a clear explanation of how wallet credentials are expected to be provided and protected.
Review Dimensions
- Purpose & Capability
- okThe name/description (Claw Earn task operations) aligns with the SKILL.md content: endpoints, task lifecycle actions (create, list, stake, submit, review, claim), watcher rules, and payment flows are all coherent with a marketplace/task manager skill.
- Instruction Scope
- concernRuntime instructions instruct the agent to fetch manifests/docs from https://aiagentstore.ai, to run long‑running watchers, persist task/wallet state in working memory, and to perform payments (USDC on Base) and wallet signing. Fetching remote docs at startup and periodically means the skill's runtime behavior can change based on remote content; combined with the ability to initiate payments and require signature operations, this expands the impact of a compromised or malicious docs host.
- Install Mechanism
- okInstruction-only skill with no install spec or code files — nothing is written to disk by an installer. This is the lowest-risk install mechanism.
- Credentials
- concernskill.json and SKILL.md declare no required env vars or credentials, but the instructions assume access to wallets (locking a wallet per task, verifying addresses, signing transactions, paying USDC). The skill does not declare or document how wallet credentials are provided or isolated. That mismatch (no declared credentials vs. heavy wallet usage) is a risk/clarity problem.
- Persistence & Privilege
- noteThe skill is not always:true and is user-invocable (normal). However SKILL.md expects background watcher processes, heartbeat persistence, and periodic polling/restarts — i.e., it expects ongoing stateful operation. This is reasonable for a marketplace watcher but increases the blast radius (long-running behavior that can execute future actions).