Skillv0.1.3

ClawScan security

Safuclaw — Scan Skills Before You Install · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 10, 2026, 1:49 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's stated purpose (auditing skills) matches its instructions, but it asks the agent/user to upload complete skill files to an external service and to create/fund a wallet to pay for each audit — actions that can leak secrets and funnel payments to an unknown operator, so proceed with caution.
Guidance: Key things to consider before installing: - Understand what you will send: the auditor asks for the full SKILL.md and any non-SKILL.md files. These can include API keys, tokens, secrets, or proprietary code — remove or redact any sensitive values before uploading, or avoid uploading and instead run local checks. - Verify the operator: the audit endpoint (https://api.safuclaw.com) and homepage are the only provenance. Confirm the vendor's reputation, privacy policy, and data-retention policy before sending code. If possible, test with harmless/dummy skill content first. - Payment risks: the flow requires creating/funding a Base wallet and signing an x402 payment. Never share private keys or raw signing material with the audit service. Use a local signer or well-vetted wallet provider; confirm the payment address/route before funding. - Alternatives: if you cannot trust the external service, run local static/behavioral tools or require the skill publisher to provide proofs (e.g., reproducible build, signed audit) instead of uploading source. Consider running audits inside a sandboxed environment and avoid sending files that contain credentials. - Ask for guarantees: before using the service in production, request documentation about what the auditor retains, how long, how search/indexing is handled, whether inputs are reused to train models, and procedures for data deletion. Given the clear potential for data exfiltration (intentional or accidental) and the financial/payment surface, treat this skill as potentially useful but risky — only proceed after confirming vendor trustworthiness and protecting any secrets in uploaded files.

Review Dimensions

Purpose & Capability: okName and description match the SKILL.md: the skill is an audit gate that sends skill content to an external audit API. There are no unrelated environment variables, binaries, or install steps requested — the external API approach is coherent with the declared purpose.
Instruction Scope: concernRuntime instructions require sending the entire SKILL.md plus any non-SKILL.md files (full source/install scripts) to https://api.safuclaw.com for analysis. Uploading full file contents to a third party legitimately enables deeper analysis but also risks exfiltrating secrets or sensitive code. The x402 payment flow requires wallet creation/signing and sending 0.99 USDC per audit, which adds financial friction and social-engineering risk (users may be asked to fund wallets). The SKILL.md does not instruct how uploaded files are stored/retained or provide privacy/retention guarantees.
Install Mechanism: okInstruction-only skill with no install spec and no code files to run locally, which reduces surface area. No downloads, no extracted archives, and no binaries are installed by the skill itself.
Credentials: noteThe skill declares no required environment variables or credentials. However, its payment flow asks the agent/user to create or use a Base wallet and sign an x402 payment (private keys and signatures). That operation involves sensitive secrets (wallet private keys) and may require using a signing client; the SKILL.md does not explicitly prohibit sending private keys or signing payloads on an untrusted backend. The lack of declared credentials is consistent, but the wallet/signing requirement raises practical security concerns that are not fully addressed.
Persistence & Privilege: okThe skill does not request always:true or elevated persistent presence and has default invocation settings. It does not attempt to modify other skills or system-wide configuration according to the provided files.