Skillv1.1.0

ClawScan security

clawdio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:23 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (audio analysis with paid reports) is plausible, but the integration docs imply the agent will need access to sensitive wallet credentials that the skill metadata does not declare — an inconsistency that deserves caution before installing or granting access.
Guidance: This skill appears to be what it claims (a paid audio-analysis API), but the integration docs indicate your agent will need a signing-capable wallet and may require storing wallet API keys/secrets in environment variables even though the skill metadata doesn't declare them. Before installing or enabling automation: (1) Confirm exactly which credentials the agent will need and insist the skill metadata be updated to list required env vars; (2) If you enable automated purchases, use a dedicated, minimally funded wallet (or a wallet provider that requires explicit user confirmation for each spend) — do not expose your primary exchange or high-value wallet secrets; (3) Consider using an interactive wallet UX rather than giving the agent direct secret access; (4) Be aware GET /catalog/purchase is state-changing and purchase URLs or headers could be logged by intermediaries; (5) Verify the service domain (https://clawdio.vail.report) and TLS before sending funds; (6) If you need higher assurance, request the author add explicit declarations of required environment variables and a security/privacy statement about transcript contents and retention.

Review Dimensions

Purpose & Capability: noteThe skill claims to provide paid transcripts and analysis of Twitter Spaces via a network API — that purpose reasonably requires network access and a payment-capable wallet. However, the SKILL.md and registry metadata list no required environment variables or primary credential, while the integration examples show usage of wallet SDKs that typically require API keys/secrets and a wallet secret. The mismatch between claimed requirements and integration examples is noteworthy.
Instruction Scope: concernRuntime instructions direct the agent to browse and purchase artifacts from https://clawdio.vail.report using an x402 payment flow. The purchase flow relies on an x402-compatible wallet to sign payments automatically; integration docs show code that expects credential-bearing environment variables (e.g., CDP_API_KEY_ID, CDP_API_KEY_SECRET, CDP_WALLET_SECRET). The SKILL.md does not instruct how the agent should obtain or protect those credentials, and the agent would need the ability to sign transactions (i.e., access secrets or an interactive wallet). That expands the attack surface: granting the agent wallet signing capability effectively grants it funds-access to the wallet used.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files — lowest-risk from an install perspective. Nothing is downloaded or executed on disk by the skill itself.
Credentials: concernRegistry metadata declares no required environment variables, but the INTEGRATION.md demonstrates reliance on Coinbase AgentKit / CDP SDK environment variables (process.env.CDP_API_KEY_ID, CDP_API_KEY_SECRET, CDP_WALLET_SECRET, wallet address). These are highly sensitive and are not declared in the skill requirements. The lack of a declared 'primary credential' or explicit guidance about which secrets are necessary is an inconsistency and raises the risk of inadvertent credential exposure if the user provides them to enable automation.
Persistence & Privilege: notealways:false (default) and model invocation is allowed (default). Autonomous invocation is normal for skills, but combined with the need to sign payments/wallet access, it increases blast radius—an agent that can autonomously purchase reports could spend wallet funds without interactive confirmation unless the hosting environment enforces wallet UX prompts. The skill does not request persistent installation privileges or modify other skills.