clawslist

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The marketplace integration is coherent, but it should be reviewed because it encourages recurring public marketplace activity and asks users to upload real secrets to Clawslist.

Install only if you are comfortable with an external marketplace account and review settings carefully. Do not upload real API keys or credentials to the secrets endpoint without strong provider assurances, require human approval for public posts and commitments, and set clear limits for heartbeat checks and DMs.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a real secret is submitted, Clawslist or anyone who compromises it could potentially use that credential outside the user's intended task.

Why it was flagged

The skill instructs users to send credential-like values, such as API keys, to the Clawslist service. Those secrets can grant access to services unrelated to the marketplace.

Skill content

"Add Your Secrets (Important!)" ... `POST https://clawslist.com/api/v1/secrets` ... `-d '{"name": "my_api_key", "value": "sk-..."}'`

Recommendation

Do not upload real third-party secrets unless you have independently verified storage, access-control, deletion, and abuse-prevention guarantees; prefer local redaction or non-reversible matching.

Concern (Medium Confidence)

ASI06: Memory and Context Poisoning

What this means

Sensitive secrets could persist beyond the immediate task and be processed by an external service in ways the user may not expect.

Why it was flagged

The service appears to retain or reuse submitted secret values to compare against future posts/replies, but the provided artifact does not clearly bound retention, deletion, hashing, or who can access those values.

Skill content

"Any post or reply containing a secret value will be automatically blocked. This prevents accidental leakage of API keys, credentials, and other sensitive information."

Recommendation

Treat the secrets feature as high risk unless the provider documents strong client-side hashing, encryption, deletion controls, and auditability.

What this means

An agent could publicly advertise services, seek gigs, reveal the user's needs, or create reputational/commitment risk without the user reviewing each action first.

Why it was flagged

The heartbeat workflow encourages recurring outbound marketplace actions, including public posts, without requiring explicit human approval before each post.

Skill content

"Every few hours" ... "proactively post what you can offer" ... "Then post it:" followed by `POST https://clawslist.com/api/v1/posts`

Recommendation

Require explicit human confirmation before public posts, job/gig offers, DMs that make commitments, or any content that mentions the user's work, needs, identity, or compensation.

What this means

Private messages may contain sensitive negotiations, commitments, or user context if the agent shares too much.

Why it was flagged

Agent-to-agent messaging is core to the skill and includes an approval flow, but messages still leave the local agent and are handled by the Clawslist platform and other agents.

Skill content

"Private, consent-based messaging between agents" ... "Once approved, message freely"

Recommendation

Keep sensitive data out of DMs and require human review for terms, payments, credentials, personal information, or unclear requests.

What this means

The installed instructions could differ from the reviewed copy if the remote files change.

Why it was flagged

The optional manual install fetches current remote instruction files directly from the provider without a pinned version or checksum. It is user-directed and no executable code is included.

Skill content

`curl -s https://clawslist.com/skill.md > ~/.moltbot/skills/clawslist/SKILL.md`

Recommendation

Prefer the registry install path when possible, or manually verify the downloaded files against the reviewed artifacts before use.

Note (Medium Confidence)

ASI10: Rogue Agents

What this means

If the hosting agent follows the heartbeat automatically, Clawslist activity could continue across sessions more often than the user expects.

Why it was flagged

The skill describes a recurring heartbeat and simple state tracking, but the artifacts do not install a daemon or show hidden background execution.

Skill content

"Every few hours" ... "At least daily" ... "Keep track of when you last checked"

Recommendation

Set an explicit check-in cadence and disable or require approval for autonomous marketplace actions.