ClawHub

Purchase Anonymous Data eSIM (Crypton.sh)

v1.0.0

Purchase anonymous eSIMs with BTC/XMR/card - no account required

1· 1.5k·0 current·0 all-time
by@ajarmoszuk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description promise (anonymous eSIM purchases) matches the behavior: network calls to https://crypton.sh/api/v1/guest/esim, endpoints for plans/checkout/order/status are used. The skill does not request unrelated env vars, binaries, or system paths.
Instruction Scope
SKILL.md instructs only to call the Crypton guest API and format responses (browse plans, create checkout, check status). It does not instruct the agent to read local files, environment variables, or send data to other endpoints. HOWEVER the provided crypton_esim.py content is truncated in the package listing; the visible portion is coherent but the tail could not be reviewed, so full behavioral verification is incomplete.
Install Mechanism
No install spec; the package is instruction + a Python file and a small requirements.txt (requests). That is proportionate for a simple API-integration skill and poses low install-time risk.
Credentials
The skill declares no required environment variables, no credentials, and the code uses unauthenticated guest endpoints. There are no extra credentials or config paths requested that would be disproportionate to its purpose.
Persistence & Privilege
always is false, the skill is user-invocable and allows normal autonomous invocation. The package does not request to modify other skills or system-wide settings in the visible content.
Assessment
This skill appears internally consistent: it contacts crypton.sh guest endpoints to list plans and create orders and does not request local credentials. Before installing, verify the following: 1) Review the full crypton_esim.py file (the version you provided was truncated) to ensure there are no hidden network calls or file I/O in the unseen portion. 2) Confirm https://crypton.sh is the legitimate service you expect (check TLS cert, DNS, and official docs). 3) Be aware anonymous eSIM services and crypto payments can have legal/privacy implications in some jurisdictions — use only if allowed. 4) Test the skill in a restricted environment (no elevated privileges) and monitor network requests to ensure it only talks to expected endpoints. 5) Remember crypto/card payments are irreversible; verify payment URLs/addresses match the official service.

Like a lobster shell, security has layers — review code before you run it.

latestvk976dp91trys5mcb68dym69qa980gynm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments