Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawprint-skill

v1.0.0

Create LLCs for AI agents with human sponsor oversight. Use when an agent needs to form a legal business entity.

by Chris Labasky (@clabasky)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill's stated purpose (form LLCs for AI agents) matches the included code (HTTP client and CLI to call an external formation API). However the registry metadata declares 'required env vars: none' and 'instruction-only', while SKILL.md and the code clearly expect Node.js, an npm install, and environment variables (CLAWPRINT_API_URL, CLAWPRINT_PUBLIC_KEY, CLAWPRINT_SECRET_KEY). That mismatch (declared nothing vs. actually needing credentials and runtime) is incoherent and increases risk.
Instruction Scope
Runtime instructions are focused on discovering products and calling the remote API, and they instruct the user to persist API keys to a local .env file and to run node scripts/clawprint.js. The CLI can also read arbitrary local files when you pass --body @file.json (which is normal for a CLI). Instructions do not ask the agent to read unrelated system files or to exfiltrate data to third parties beyond the documented API, but they do instruct persisting sensitive keys locally (.env) and using a remote endpoint (https://clawprintai.com/api by default).
Install Mechanism
Registry says 'no install spec — instruction-only', but the repo contains package.json, scripts, and a README that explicitly tells you to run npm install and use Node.js >=18. This is a mismatch (not truly instruction-only). The install path is npm (package.json) which is standard and lower risk; there are no arbitrary archive downloads or obscure URLs in the install flow.
[!] Credentials
The skill uses two secrets (CLAWPRINT_PUBLIC_KEY, CLAWPRINT_SECRET_KEY) for authenticated API calls; that is proportionate to calling a protected HTTP API. The problem is these env vars are not declared in the registry metadata (it lists none), which is inconsistent. The SKILL.md also asks sponsors to supply SSNs and other personal data to the service (required for the business formation process) — that is expected for the service but is high-sensitivity data that the user must not hand to an untrusted or unverified provider.
Persistence & Privilege
The skill does not request elevated platform privileges ('always' is false) and does not modify other skills. It does ask users to persist API keys into a .env file in the repo; this is local persistence and not platform-wide, but it creates a risk if the repo is later committed or shared. Autonomous invocation is allowed (default) but that is normal for skills; combine this with the credential storage risk before enabling autonomous runs.
What to consider before installing
This package contains a CLI and a tiny HTTP client that talk to a remote API (default https://clawprintai.com/api) to form LLCs. Before installing or using it:
1) Verify the publisher and the API domain (clawprintai.com) independently — this repo's origin is 'unknown' in the registry.
2) Treat CLAWPRINT_SECRET_KEY like a password: do not commit .env to source control and consider using one-off keys or runtime-only injection instead of storing secrets in the repository.
3) The registry metadata claims 'no required env vars' and 'instruction-only' but the code requires Node.js and env keys — consider this an authoring error; prefer skills whose metadata matches their behavior.
4) The service will require sponsor PII (SSN) for IRS/banking workflows — only provide that to a legal, verified provider.
5) If you plan to allow the agent to call this skill autonomously, be aware stored credentials could be used by the agent; limit scope and monitor API activity.
If any of the above is unclear, ask the skill author for proof of identity, a privacy/terms page for the API, and an explanation of why registry metadata omits required env vars before proceeding.
[!] scripts/clawprint.js:107
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.


Version: latest (vk97exby3vsnw9p845t9kk0jv8x84sv53)

