Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Locus
v1.3.0
Locus payment tools for AI agents. Use when asked to send payments, check wallet balances, list tokens, approve token spending, or process payment-related actions from emails. Also use for demos of Locus (YC F25) payment infrastructure — scanning emails for payment requests and initiating crypto payments via wallet.
⭐ 1 · 2.2k · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
Name/description, mcporter configuration, and listed tools (list_tokens, send_token, approve_token) are coherent. The service endpoints referenced (app.paywithlocus.com, mcp.paywithlocus.com) match the stated purpose of connecting to Locus via MCP.
Instruction Scope
SKILL.md explicitly instructs the agent to 'scan inbox for payment-related emails' and extract actionable items. That operation is sensitive (reading user email) but the skill provides no mechanism, permissions model, or explicit user consent flow for mailbox access. It also gives broad discretion to identify actionable items — this is scope creep unless the agent already has a well-defined, consented email-access tool.
Install Mechanism
No install spec in the registry, but the included setup.sh will install mcporter via 'npm i -g mcporter' if missing. npm global installs are common but carry the usual risk of executing third-party code; this is proportional to the stated need for mcporter, but users should verify mcporter's provenance before installing globally.
Credentials
The skill does not declare required env vars and asks the user interactively for a Locus API key (prefix locus_). Asking for an API key is expected, but the registry metadata omits any 'primary credential' declaration. The instructions also tell the user to paste the API key into the interactive flow (or chat) — users should avoid pasting secrets into channels that are not secure.
Persistence & Privilege
The 'always' flag is false, and the skill does not request system-wide privileges or modify other skills. The setup stores its configuration via mcporter, which is expected behavior and limited in scope.
What to consider before installing
This skill appears to be a legitimate wrapper around the Locus payment MCP, but it asks the agent to scan your inbox for payment requests — a sensitive action that the SKILL.md does not explain how to perform or obtain permission for. Before installing or running it:
(1) Verify the mcporter tool's origin and trustworthiness before allowing the script to install it globally.
(2) Do not paste API keys or other secrets into public chats; prefer entering them in a secure prompt or setting them in a location you control.
(3) Confirm how your agent will access email (what mailbox, what auth) and that you explicitly consent to giving mailbox access.
(4) If you want tighter control, configure mcporter manually and avoid using the script; review where mcporter stores credentials.
If you can, ask the skill author for explicit documentation of email access and storage practices before use.
latest: vk9744hydy7717x0vr131tx3tzn802zge
