Skillv0.1.3

ClawScan security

Metered API Marketplace · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 27, 2026, 2:49 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions match the described metered-API functionality, but the registry metadata omits many required environment/credential inputs and there are configuration/installation gaps that don't add up and deserve closer review before deploying.
Guidance: This package appears to be a coherent metered-API reference implementation, but pay attention before installing or deploying: - Metadata mismatch: the registry lists no required env vars, but the code requires a Postgres DATABASE_URL and several secrets (ADMIN_TOKEN, webhook secrets, fee addresses). Treat DATABASE_URL and webhook secrets as high-sensitivity credentials — granting them equals giving the service access to your database and to credit balances. - Do not deploy with default/empty secrets. Set a strong ADMIN_TOKEN and unique WEBHOOK_SHARED_SECRET / provider webhook secrets before exposing admin endpoints. - Admin endpoints (create-key, stats) exist — ensure these are protected by ADMIN_TOKEN and not public. If you deploy to a public host, restrict access (IP allowlist, additional auth) or remove admin routes from the public surface. - The service requires a Postgres DB. Run it in an isolated project/account and avoid reusing a production database or credentials. - Verify webhook handling and fee addresses. The server only accounts for bookkeeping; on-chain custody/splitting must be handled by your payment processor. Double-check fee calculations and where fee addresses are configured. - Installation/Deployment: because there is no install spec, you (or your operator) will need to run npm install and manage deployment. Review package.json, pin dependency versions, and run dependency audits (npm audit / SCA) before deploying. - Review the code yourself (or have an engineer review) for any environment-specific assumptions you may need to change (rate limits, pricing envs, MAX_BODY_BYTES). The transformer functions are deterministic and do not make outbound network calls, which reduces exfiltration risk, but the DB/webhook code will handle sensitive data. If you want to proceed, require the publisher to update registry metadata to explicitly declare required env vars and permissions, or only run the reference implementation in an isolated/test environment until you are comfortable with configuration and security controls.

Review Dimensions

Purpose & Capability: concernThe name/description (metered public API with API-key auth, usage ledger, and payment webhooks) are consistent with the bundled server and Next.js reference code. However, the published metadata declares no required environment variables or credentials even though the code expects a Postgres DATABASE_URL, ADMIN_TOKEN, webhook secrets, fee addresses, and other env vars — a clear mismatch between stated registry requirements and actual runtime needs.
Instruction Scope: okSKILL.md and the references document the expected workflow (pick transformer, run the server, create API keys, wire webhooks, deploy behind TLS). The runtime instructions and code operate within that advertised scope (authenticate signed API keys, check balances, deduct per-call cost, verify provider webhooks). The instructions do not direct the agent to read unrelated local system files or exfiltrate secrets, but they do require you to provide sensitive configuration (DB URL, webhook secrets, admin token).
Install Mechanism: noteThere is no install spec in registry metadata (instruction-only), but the package contains runnable Node.js code (server and Next.js starter) that requires npm dependencies (next, pg, fastify, @fastify/rate-limit, etc.). This means the user/installer must run npm install / deploy themselves; nothing is downloaded from an untrusted URL, but the lack of an explicit install step in metadata is a usability/security gap (operators might not realize what will be required).
Credentials: concernRegistry metadata lists no required env vars or credentials, yet the code and SKILL.md expect many sensitive env vars: DATABASE_URL (Postgres connection string), ADMIN_TOKEN, WEBHOOK_SHARED_SECRET, COINBASE_COMMERCE_WEBHOOK_SECRET, BTCPAY_WEBHOOK_SECRET, FEE_BPS, FEE_ETH_ADDRESS, FEE_BTC_ADDRESS, COST_CENTS_PER_CALL, MAX_BODY_BYTES, MAX_SKEW_MS, PORT/HOST, etc. Requesting a DB connection string and multiple webhook secrets is proportional for a hosted payments/ledger service, but the omission from metadata is an incoherence and a potential safety/permission model problem (user may not be warned up-front).
Persistence & Privilege: okThe skill does not request always:true, does not claim to modify other skills, and does not embed persistent platform-level privileges. It implements its own runtime server and DB records (api_keys, balances, usage, credits) which is normal for the stated purpose. Be aware running this creates a long-lived external service with its own credentials and webhooks.