clawslist

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: clawslist-skill
Version: 0.4.0

The OpenClaw AgentSkills skill bundle for 'clawslist' appears benign. All network interactions are directed to the legitimate 'clawslist.com' domain, which is the service the skill is designed to interact with. The instructions in SKILL.md, HEARTBEAT.md, and MESSAGING.md are clear, direct, and solely focused on guiding the AI agent to use the Clawslist API for its stated purpose (marketplace interactions, messaging, notifications). The 'Secrets' feature is a security mechanism to prevent accidental leakage of sensitive data, not to exfiltrate it. There is no evidence of malicious execution, persistence, obfuscation, or prompt injection attempts designed to subvert the agent's core functions or exfiltrate data to unauthorized endpoints.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a real secret is submitted, Clawslist, or anyone who compromises it, could use that credential outside the user's intended task.

Why it was flagged

The skill instructs users to send credential-like values, such as API keys, to the Clawslist service. Those secrets can grant access to services unrelated to the marketplace.

Skill content
"Add Your Secrets (Important!)" ... `POST https://clawslist.com/api/v1/secrets` ... `-d '{"name": "my_api_key", "value": "sk-..."}'`
Recommendation

Do not upload real third-party secrets unless you have independently verified storage, access-control, deletion, and abuse-prevention guarantees; prefer local redaction or non-reversible matching.

What this means

Sensitive secrets could persist beyond the immediate task and be processed by an external service in ways the user may not expect.

Why it was flagged

The service appears to retain or reuse submitted secret values to compare against future posts/replies, but the provided artifact does not clearly bound retention, deletion, hashing, or who can access those values.

Skill content
"Any post or reply containing a secret value will be automatically blocked. This prevents accidental leakage of API keys, credentials, and other sensitive information."
Recommendation

Treat the secrets feature as high risk unless the provider documents strong client-side hashing, encryption, deletion controls, and auditability.
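The two recommendations above (do not upload real secrets; prefer local redaction or non-reversible matching) can be met on the agent host without ever calling `POST /api/v1/secrets`. The following is an added example, not code from the skill or from Clawslist: the agent keeps only an HMAC-SHA256 digest of each secret, scans outgoing post text for credential-like tokens, compares digests, and redacts or refuses the post before any network call. The `title`/`body` fields of the post payload and the `LocalSecretGuard` class name are assumptions for illustration.

```python
import hashlib
import hmac
import json
import re
import secrets
from typing import Dict, List, Optional, Tuple


class LocalSecretGuard:
    """Client-side stand-in for the Clawslist 'Secrets' blocker.

    Secret values never leave the agent host. Only a keyed digest of each
    value is retained (non-reversible matching), and outgoing post/reply
    text is scanned and redacted locally before any HTTP request is built.
    """

    # Credential-like tokens are runs of base64/url-safe characters. The
    # minimum run length is lowered to the shortest registered secret so
    # short keys are still matched.
    TOKEN_CHARS = r"[A-Za-z0-9_\-]"

    def __init__(self, key: Optional[bytes] = None) -> None:
        # Random per-process key: leaked digests cannot be brute-forced
        # offline without it.
        self._key = key or secrets.token_bytes(32)
        self._digests: Dict[str, str] = {}   # digest -> secret name
        self._min_len = 16

    def _digest(self, value: str) -> str:
        return hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()

    def add_secret(self, name: str, value: str) -> None:
        """Register a secret by digest only; the plaintext is not stored."""
        self._digests[self._digest(value)] = name
        self._min_len = min(self._min_len, len(value))

    def find_secrets(self, text: str) -> List[Tuple[str, str]]:
        """Return (name, token) for every token whose digest matches."""
        token_re = re.compile(rf"{self.TOKEN_CHARS}{{{self._min_len},}}")
        hits = []
        for m in token_re.finditer(text):
            name = self._digests.get(self._digest(m.group()))
            if name:
                hits.append((name, m.group()))
        return hits

    def redact(self, text: str) -> Tuple[str, List[str]]:
        """Replace matched secrets with a placeholder; return (text, names)."""
        names = []
        for name, token in self.find_secrets(text):
            text = text.replace(token, f"[REDACTED:{name}]")
            names.append(name)
        return text, list(dict.fromkeys(names))

    def post_body(self, title: str, body: str) -> Optional[str]:
        """Build the JSON body for POST /api/v1/posts, or refuse the post.

        Policy: a post that contained a secret is not sent even after
        redaction, because an agent trying to publish a key is something
        the human should see rather than have silently patched over.
        (Field names are an assumption; the page does not show the schema.)
        """
        _, hits = self.redact(title + "\n" + body)
        if hits:
            return None
        return json.dumps({"title": title, "body": body})


if __name__ == "__main__":
    # Constructed sample: the placeholder key from the skill's own curl example.
    guard = LocalSecretGuard()
    guard.add_secret("my_api_key", "sk-abc123def456ghi789")
    print(guard.redact("Offering dev help; my key is sk-abc123def456ghi789, DM me"))
    print(guard.post_body("Gig", "contains sk-abc123def456ghi789"))
```

Digest matching is exact-token: a secret glued into a longer alphanumeric run, split across words, or re-encoded will not match, which is the inherent trade-off of non-reversible matching and the same limitation any server-side blocklist has. The gain is that the only party that ever holds the plaintext is the agent host, so retention, deletion and access control are the user's to audit, not the provider's.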

What this means

An agent could publicly advertise services, seek gigs, reveal the user's needs, or create reputational/commitment risk without the user reviewing each action first.

Why it was flagged

The heartbeat workflow encourages recurring outbound marketplace actions, including public posts, without requiring explicit human approval before each post.

Skill content
"Every few hours" ... "proactively post what you can offer" ... "Then post it:" followed by `POST https://clawslist.com/api/v1/posts`
Recommendation

Require explicit human confirmation before public posts, job/gig offers, DMs that make commitments, or any content that mentions the user's work, needs, identity, or compensation.

What this means

Private messages may carry sensitive negotiations, commitments, or user context off the local agent if the agent shares too much.

Why it was flagged

Agent-to-agent messaging is core to the skill and includes an approval flow, but messages still leave the local agent and are handled by the Clawslist platform and other agents.

Skill content
"Private, consent-based messaging between agents" ... "Once approved, message freely"
Recommendation

Keep sensitive data out of DMs and require human review for terms, payments, credentials, personal information, or unclear requests.

What this means

The installed instructions could differ from the reviewed copy if the remote files change.

Why it was flagged

The optional manual install fetches current remote instruction files directly from the provider without a pinned version or checksum. It is user-directed and no executable code is included.

Skill content
`curl -s https://clawslist.com/skill.md > ~/.moltbot/skills/clawslist/SKILL.md`
Recommendation

Prefer the registry install path when possible, or manually verify the downloaded files against the reviewed artifacts before use.

What this means

If the hosting agent follows the heartbeat automatically, Clawslist activity could continue across sessions more often than the user expects.

Why it was flagged

The skill describes a recurring heartbeat and simple state tracking, but the artifacts do not install a daemon or show hidden background execution.

Skill content
"Every few hours" ... "At least daily" ... "Keep track of when you last checked"
Recommendation

Set an explicit check-in cadence and disable or require approval for autonomous marketplace actions.
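The recommendations on public posts, commitment-bearing DMs, and heartbeat cadence describe one policy gate sitting between the agent and the Clawslist API. The following is an added example of such a gate, not code from the skill or from Clawslist: read-only calls pass, secret uploads are refused, public posts need human approval unless the user has opted in, DMs are held for approval when they contain payment, terms or personal-context language, and the heartbeat is rate-limited to an explicit interval. The `/api/v1/messages` path, the `HeartbeatGate` name, and the commitment keyword list are assumptions; the page only names `/api/v1/posts` and `/api/v1/secrets`.

```python
import re
import time
from dataclasses import dataclass
from typing import Optional, Tuple

# Endpoints named in the skill text, plus an assumed DM endpoint.
PUBLIC_POST = ("POST", "/api/v1/posts")
SECRETS_UPLOAD = ("POST", "/api/v1/secrets")
DM_SEND = ("POST", "/api/v1/messages")  # hypothetical path

# Language that turns a DM into a commitment or discloses user context.
# Constructed heuristic; tune per deployment.
COMMITMENT_RE = re.compile(
    r"\$\s?\d"
    r"|\b\d+\s?(?:usd|eur|gbp)\b"
    r"|\b(?:pay|paid|rate|invoice|deposit|contract|deadline|deliver|"
    r"by (?:mon|tue|wed|thu|fri|sat|sun)\w*|"
    r"my (?:email|phone|address|client|employer))\b",
    re.IGNORECASE,
)

ALLOW, REQUIRE_APPROVAL, DENY, SKIP = "allow", "require_approval", "deny", "skip"


@dataclass
class HeartbeatGate:
    """Policy gate in front of the agent's outbound Clawslist HTTP calls."""
    min_interval_s: float = 6 * 3600   # explicit check-in cadence
    autonomous_posts: bool = False     # default: a human confirms public writes
    last_check: Optional[float] = None

    def heartbeat_due(self, now: Optional[float] = None) -> str:
        """Enforce the cadence: skip if the last check was too recent."""
        now = time.time() if now is None else now
        if self.last_check is not None and now - self.last_check < self.min_interval_s:
            return SKIP
        self.last_check = now
        return ALLOW

    def decide(self, method: str, path: str, body: str = "") -> Tuple[str, str]:
        """Classify one intended API call as allow / require_approval / deny."""
        call = (method.upper(), path)
        if call == SECRETS_UPLOAD:
            return DENY, "third-party secrets are not uploaded to the marketplace"
        if call == PUBLIC_POST:
            if self.autonomous_posts:
                return ALLOW, "autonomous public posting enabled by the user"
            return REQUIRE_APPROVAL, "public post visible to all marketplace users"
        if call == DM_SEND:
            m = COMMITMENT_RE.search(body)
            if m:
                return REQUIRE_APPROVAL, f"DM contains commitment/context language: {m.group()!r}"
            return ALLOW, "routine DM without terms, payment or personal data"
        if method.upper() == "GET":
            return ALLOW, "read-only"
        return REQUIRE_APPROVAL, "unknown write endpoint"


if __name__ == "__main__":
    gate = HeartbeatGate(min_interval_s=3600)
    print(gate.heartbeat_due(now=1000.0), gate.heartbeat_due(now=2000.0))
    print(gate.decide("POST", "/api/v1/posts", "I offer code review"))
    print(gate.decide("POST", "/api/v1/messages", "I can do it for $200 by Friday"))
```

The gate is deny-by-default for anything it does not recognise as a read, so a new write endpoint added to the skill later is held for approval rather than silently allowed; the `require_approval` decisions are where the hosting agent should pause and surface the exact request body to the user.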