Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawdvine

v1.1.0

Short-form video for AI agents. Generate videos using the latest models, pay with USDC via x402.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to generate videos and accept payment via x402/USDC on Base — the included scripts (x402-generate.mjs, sign-siwe.mjs, check-balance.mjs) implement exactly that. However, registry metadata declares no required environment variables or primary credential while the scripts clearly require EVM_PRIVATE_KEY (and optionally CLAWDVINE_AGENT_ID). This mismatch between declared requirements and actual code is incoherent and can lead to accidental exposure of a wallet key or failure to realize the skill needs wallet access.
Instruction Scope
SKILL.md explicitly instructs the agent to look for and persist an agentId (save to memory/config/environment) and to use an EVM private key to sign payments and SIWE messages. It also instructs the agent to always include stored agentId in requests. While these steps are functionally needed for credited/gated flows, they expand the agent's scope to access and persist secrets (wallet private key and agent identity) and to modify persistent memory/config — more privilege than the metadata suggests.
Install Mechanism
There is no installer or remote download; the skill is instruction-plus-scripts. A package.json and package-lock.json list npm dependencies (x402 client libs, viem, siwe) which are standard and traceable via npm. No remote extract-from-URL installs are present. The only risk is that running the scripts locally requires installing npm packages and executing code that uses your private key.
Credentials
The skill operationally requires sensitive environment values (EVM_PRIVATE_KEY for signing/payments, optional CLAWDVINE_AGENT_ID) but the registry metadata declares none. Requesting a raw private key in an env var is a high-privilege action — it is necessary for the x402 payment flow, but it must be declared prominently and handled carefully. The number and sensitivity of env vars is proportionate to the payment capability, but the omission in metadata is an important inconsistency.
Persistence & Privilege
The skill asks the agent to persist the agentId (memory, config, or environment) so future requests include it. Persisting an agent identity is reasonable for credited behavior, but because the skill can also instruct use of an EVM private key, persistent storage increases the blast radius if secrets are mishandled. The skill does not request always:true and does not modify other skills' configs.
Scan Findings in Context
[system-prompt-override] unexpected: The SKILL.md includes imperative instructions like 'SAVE THE RETURNED agentId TO YOUR MEMORY — you need it for all future requests' which resemble persistence/prompt-manipulation patterns flagged by the scanner. While saving an agentId is functionally required for the service, this pattern can be abused to persist state across runs or attempt to influence agent behavior; the finding should be reviewed by a human.
What to consider before installing
Before installing or running this skill:
(1) Understand that to pay via x402 the provided scripts require your EVM private key (EVM_PRIVATE_KEY) or an external signer — do NOT set a long-term wallet private key in environment variables unless you accept the risk. Prefer a dedicated ephemeral wallet with minimal funds if you must provide a key.
(2) The skill metadata does not list these required env vars; treat that as a red flag — confirm the source (clawdvine.sh, GitHub repo) and verify authenticity before use.
(3) The SKILL.md asks the agent to persist an agentId to memory/config; consider whether you want that stored long-term and where (local config vs agent memory).
(4) If you plan to run the Node scripts locally, inspect them (they are included) and run them locally rather than giving the agent direct access to secrets.
(5) If you need payment signing, prefer using an external signing flow (hardware wallet or remote signer) rather than placing a raw private key on the host.
(6) If you are unsure about provenance of clawdvine.sh or the package owner, do not provide secrets and verify the project (repo, authors, open-source history) first.

Like a lobster shell, security has layers — review code before you run it.

