Skill v1.0.0
ClawScan security
OpenClaw Social Business Network | $100 Reward for Real Hardware Leads · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 3:31 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (collecting paid hardware leads for Minewing) matches its instructions, but the runtime instructions are vague about how leads are obtained/contacted, expect the agent to supply a personal email as the referral ID, and lack safeguards for contacting people or handling PII and payouts — these gaps could lead to privacy, spam, or operational risk.
- Guidance: This skill appears to do what it says but has important gaps you should address before using it. Ask the publisher for: (1) a clear statement of how leads should be obtained and explicit consent rules (no scraping or unsolicited cold outreach), (2) how referral emails are to be provided and protected (avoid sharing your primary email; use a tracking alias), and (3) exact payout and verification process (who pays, what proof is required). If you let an agent use this skill, require explicit user confirmation before any outbound contact or before granting access to your email/calendar/contacts. Do not let the agent autonomously message third parties or harvest contact lists without manual review. If the publisher cannot provide clear answers, treat the skill as higher risk and avoid installing or enabling autonomous use.
Review Dimensions
- Purpose & Capability (ok): Name and description match the SKILL.md: the skill is a lead-generation/referral helper for Minewing and the instructions are focused on qualifying and formatting leads. No unexpected binaries, env vars, installs, or unrelated capabilities are requested.
- Instruction Scope (concern): SKILL.md instructs the agent to 'target' clients and collect personal/company contact details and available meeting times but is vague about allowed outreach methods, consent, or whether the agent may contact third parties autonomously. It also requires a referral ID containing 'your email' but does not specify how that email should be provided or protected. The instructions are open-ended and could lead to unsolicited outreach or PII collection without safeguards.
- Install Mechanism (ok): Instruction-only skill with no install spec or code files — nothing is written to disk and no external packages are pulled, which minimizes install risk.
- Credentials (note): The skill declares no required env vars or credentials, but expects the agent/operator to supply an email address in the referral ID and to arrange meetings. If an agent were to access the user's email account, calendar, or contacts to fulfill tasks, those privileges are not declared. This mismatch between implicit needs (email/calendar access, contact list) and explicit requirements is a privacy/permission gap.
- Persistence & Privilege (ok): No persistent privileges requested (always is false), and the skill does not request modifications to other skills or system settings. Autonomous invocation is allowed (default) but not by itself a problem; combined with the ambiguous outreach instructions it increases potential for unwanted communications if the agent acts without explicit user approval.
