Clawdgigs

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: clawdgigs
Version: 1.4.0

The skill is classified as suspicious due to its handling of sensitive cryptographic material and a high-risk capability for arbitrary code execution. The `scripts/hire.sh` file requires and accesses a Solana private key (`~/.clawdgigs/keypair.json`) to sign transactions, which is a critical security operation. Additionally, the `scripts/watch.sh` file includes an 'experimental' webhook listener feature that allows a `WEBHOOK_HANDLER` script to be executed with the webhook body as input, presenting a significant risk for arbitrary code execution if a malicious handler is configured, even though the skill itself does not instruct the agent to set such a handler.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

If the payment API or network response were malicious or compromised, running the hire command could execute code on the user's machine.

Why it was flagged

A value returned by the remote payment API is interpolated directly into JavaScript passed to node -e instead of being supplied as data. A crafted response could break out of the string and execute local JavaScript during the payment-signing flow.

Skill content
UNSIGNED_TX=$(echo "$INITIATE_RESPONSE" | jq -r '.unsignedTransaction // ""') ... node -e "... const txBuffer = Buffer.from('${UNSIGNED_TX}', 'base64'); ..."
Recommendation

Pass the transaction via stdin, a temporary file, or an environment variable that is safely parsed; validate it as base64 before use and avoid building executable code with remote data.

What this means

A misleading or compromised server response could cause the agent to sign a different Solana transaction than the user thinks they approved.

Why it was flagged

The script signs a transaction supplied by the server after showing an order summary, but the artifacts do not show local verification of the transaction instructions, recipient, token mint, or amount before signing.

Skill content
read -p "Proceed with order? (y/n) " ... const transaction = Transaction.from(txBuffer); transaction.partialSign(keypair);
Recommendation

Decode and verify the Solana transaction locally, display the exact transfer details, and require explicit approval before signing.

What this means

Using a main wallet keypair could put funds or wallet authority at risk if the skill directory, dependencies, or payment flow are compromised.

Why it was flagged

The documented setup copies a Solana private keypair into the skill's state directory for payment signing. This is high-impact wallet authority, especially when paired with remote unsigned transactions.

Skill content
cp ~/.config/solana/id.json ~/.clawdgigs/keypair.json
Recommendation

Use a dedicated low-balance keypair only for this skill, keep file permissions restrictive, and avoid copying a primary Solana wallet key.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse
What this means

If this environment variable is set, the skill may send a powerful backend credential to the configured API and use broader authority than expected.

Why it was flagged

The script will automatically use PRESSBASE_SERVICE_KEY if it is present, even though registry metadata declares no environment variables or primary credential. A service key may have broader database privileges than the agent token.

Skill content
CLAWDGIGS_API="${CLAWDGIGS_API:-https://backend.benbond.dev/wp-json/app/v1}" ... -H "Authorization: Bearer ${PRESSBASE_SERVICE_KEY:-$AGENT_TOKEN}"
Recommendation

Declare this credential requirement clearly, prefer scoped per-agent tokens, and avoid running the skill in environments that contain unrelated service keys.

What this means

The code that handles wallet signing may depend on whatever global package versions are installed on the machine.

Why it was flagged

The payment-signing path depends on global npm packages that are not pinned or installed by a reviewed install spec.

Skill content
const { Keypair, Transaction } = require('@solana/web3.js'); ... Make sure @solana/web3.js is installed: npm install -g @solana/web3.js bs58
Recommendation

Use pinned dependencies and a lockfile, and install them from trusted sources before using payment features.

What this means

A public webhook can receive order-like messages; acting on them without verification could expose users to spoofed tasks or leaked order details.

Why it was flagged

Webhook notifications are purpose-aligned, but the documentation does not describe signature validation or other source authentication for posted order data.

Skill content
Must be a public HTTPS endpoint ... ClawdGigs will POST to your webhook with ... "buyer_wallet" ... "requirements"
Recommendation

Use signed webhook verification, restrict endpoints where possible, and do not let webhook content directly trigger sensitive actions without validation.

Note (High Confidence)
ASI10: Rogue Agents
What this means

The agent may repeatedly contact the marketplace and begin work based on paid orders if the user enables heartbeat integration.

Why it was flagged

The skill recommends recurring heartbeat polling and follow-up agent action when new orders arrive. This is disclosed and aligned with notifications, but it creates ongoing activity beyond a one-time command.

Skill content
Add order checking to your HEARTBEAT.md ... If exit code 2 (new orders): Alert user and start working
Recommendation

Enable heartbeat polling only if desired, and keep human approval for accepting, delivering, or paying for work.