Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawdVine
v1.1.0Short-form video for AI agents. Generate videos using the latest models, pay with USDC via x402.
⭐ 0· 1.2k·0 current·0 all-time
by@c0rv0s
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's stated purpose (paid video generation via x402) matches the code and SKILL.md (calls to https://api.clawdvine.sh, x402 flow, SIWE signing). However the registry metadata said 'Required env vars: none' and 'Primary credential: none' while the provided scripts and documentation clearly require an EVM_PRIVATE_KEY (wallet private key) and optionally CLAWDVINE_AGENT_ID. That omission is an incoherence: a wallet private key is legitimately needed for x402 payments and SIWE signing, so it should have been declared.
Instruction Scope
The SKILL.md and scripts instruct the agent/operator to persist the returned agentId (store to memory, agent config, or set CLAWDVINE_AGENT_ID env var) and to use EVM_PRIVATE_KEY for signing payments and SIWE authentication. These instructions go beyond a single ephemeral call (they require persistent secrets/config). The SKILL.md also explicitly instructs the agent to always include agentId and to 'SAVE ... TO YOUR MEMORY' — this is scope-creep relative to a simple generation helper and can affect persistence/behavior across sessions.
Install Mechanism
There is no install spec in the registry (instruction-only), which is low-risk for on-platform install. But the package includes Node scripts and a package.json with dependencies (@x402/*, viem, siwe). Running the scripts requires installing npm packages locally. The absence of an install step in metadata is an inconsistency (users may run scripts without installing deps). No high-risk external download URLs or extract steps were found.
Credentials
The skill requires powerful secrets at runtime: EVM_PRIVATE_KEY (used to sign payments and SIWE messages) and may ask you to set CLAWDVINE_AGENT_ID persistently. The metadata declared no required envs/primary credential, which is misleading. Requesting a full wallet private key is a high-privilege ask and should be explicitly declared and justified — it is justified for making onchain USDC payments, but the omission in metadata and the instruction to persist secrets is concerning.
Persistence & Privilege
The SKILL.md repeatedly instructs storing the agentId 'permanently' to agent memory/config or as an environment variable, and the scripts assume persistent EVM_PRIVATE_KEY in the environment. While the skill is not marked always:true, autonomous invocation (default) combined with stored credentials would increase blast radius. The skill does not attempt to modify other skills or system settings, but persistent storage of private keys/IDs by an agent should be treated as a privilege and explicitly approved.
Scan Findings in Context
[system-prompt-override] unexpected: The SKILL.md contains directives that attempt to control agent behavior (e.g., 'SAVE THE RETURNED agentId TO YOUR MEMORY — you need it for all future requests') which match a 'system-prompt-override' pattern. While storing an agentId is functionally relevant, embedded imperative instructions to persist memory and change agent behavior are prompt-like and should be treated cautiously.
What to consider before installing
What to consider before installing or running this skill:
- The skill legitimately needs a wallet to pay via x402, but the package/registry metadata failed to declare the required env var. Do not supply your main wallet private key. If you try it, use a dedicated Base wallet with minimal USDC and no valuable tokens.
- The scripts require EVM_PRIVATE_KEY (sandboxed environment) and optionally storing CLAWDVINE_AGENT_ID persistently. Storing a private key in an environment variable is convenient but risky — prefer signing in a separate wallet app or use a wallet with spending limits.
- Review endpoints and addresses before use: api.clawdvine.sh, the claimed USDC token and facilitator addresses, and any tx explorers. Confirm the domain/owner independently (e.g., GitHub repo, DNS, or project governance) before trusting payments.
- Because the package includes Node scripts and npm dependencies, run them locally in an isolated environment (container/VM) and inspect/execute them yourself rather than handing secrets to a remote agent. Install dependencies only from the official registries and verify package versions.
- If you want to allow the agent to call this skill, avoid giving it your private key. Instead: (a) keep the key offline and run signing locally, or (b) use a wallet service that supports limited-authority signing or per-transaction confirmations.
- If you are not comfortable with onchain payments or persisting credentials, you can still use the service via manual wallet interactions, but do not set EVM_PRIVATE_KEY in shared agent environments.
If you want, I can: point out the exact lines that require EVM_PRIVATE_KEY, extract all places the skill writes/reads persistent config, or draft safer usage instructions (e.g., run payments via a hardware wallet or use a burner wallet).Like a lobster shell, security has layers — review code before you run it.
latestvk97eyf9kcvc19pc5v9d7rjfcvn80j4hb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.