Post and manage errands for human workers
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its ErrandAI purpose, but it can create paid tasks and release USDC with your API key without visible confirmation or budget controls, and errors may log sensitive credential details.
Install only if you trust ErrandAI and the package source. Use a scoped or low-balance API key if possible, require manual confirmation before every paid errand or submission approval, avoid recurring automations unless capped, and ensure logs redact API keys.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: A mistaken or manipulated command could post a paid task or approve a submission, releasing USDC from the user's ErrandAI account.
The handlers directly turn parsed natural-language messages into paid errand creation and submission review API calls. Approval is inferred with a simple regex, and no confirmation, budget cap, or payment-release guard is shown.
Evidence:
  await axios.post(`${this.apiUrl}/api/openclaw/errands`, { ...details, ... });
  ...
  const isApproval = message.match(/approve/i);
  ...
  await axios.post(`${this.apiUrl}/api/openclaw/submissions/${submissionId}/review`, { approved: !!isApproval, ... })
Recommendation: Require explicit user confirmation for every paid errand and every approval, add per-task and daily spending limits, and make approval/rejection parsing robust against ambiguous phrases such as 'do not approve'.
Finding 2: If logs are accessible to other users, tools, or support systems, the ErrandAI API key could be leaked and used to act on the user's account.
The code sends the API key in request headers, then logs the raw error object on failures. Axios errors can include request configuration and headers, so this may expose the API key in OpenClaw logs despite the documented claim that sensitive data is not logged.
Evidence:
  headers: { 'X-API-Key': this.apiKey, 'Content-Type': 'application/json' }
  ...
  console.error('Error posting errand:', error);
Recommendation: Redact X-API-Key before logging, log only status codes and sanitized messages, and use a scoped or low-limit API key where possible.
Finding 3: ErrandAI may receive identifiers about the OpenClaw user and channel along with the task details.
When posting an errand, the skill sends OpenClaw user and channel metadata to the external ErrandAI API. This is plausible for tracking but is not clearly called out in the user-facing security notes.
Evidence:
  metadata: { openclawUser: user?.id || 'openclaw_user', channel: context.channel, timestamp: new Date().toISOString() }
Recommendation: Disclose this metadata flow and allow users to disable or minimize nonessential metadata.
Finding 4: A misconfigured schedule could create repeated paid errands and accumulate costs.
The documentation shows recurring automation that would repeatedly create paid errands. This is presented as optional advanced usage, not hidden behavior, but it needs guardrails because it can repeat financial actions.
Evidence:
  schedule: { daily_price_check: { cron: '0 9 * * *', command: 'Post errand to check coffee prices at local shops for $10' } }
Recommendation: Use recurring workflows only with clear budgets, expiration dates, notifications, and manual review for each paid action.
Finding 5: Users have less assurance that the installed files match an official ErrandAI release.
The registry metadata does not provide a verified source or homepage, even though the bundled manifest names ErrandAI repository information. This is a provenance gap rather than direct malicious behavior.
Evidence:
  Source: unknown; Homepage: none
Recommendation: Verify the package against the official ErrandAI repository or website before installing, especially because the skill can spend funds through an API key.
