Shelter

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: shelter
Version: 1.0.3

The skill bundle is benign. All files, including `SKILL.md`, `install-skill.js`, and `package.json`, align with the stated purpose of providing a financial advisor skill. The `SKILL.md` instructions guide the AI agent on how to interact with the Shelter API and summarize responses, without any evidence of prompt injection attempting to subvert the agent's behavior, exfiltrate data, or execute unauthorized commands. The `install-skill.js` and `uninstall-skill.js` scripts perform standard file system operations to manage the skill's installation, and the `curl` commands in `SKILL.md` are well-defined, targeting the legitimate `api.shelter.money` domain for read-only financial data access, as explicitly stated in the security sections.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone installing this should understand that the agent can use the API key to retrieve financial health, cash-flow, and coaching data from Shelter.

Why it was flagged

The skill requires a Shelter API key and tells the agent to attach it to API calls. This is expected for the service, but it grants access to sensitive financial insights.

Skill content

```markdown
Every request needs two things:

- **Header**: `X-Shelter-Key: $SHELTER_API_KEY`
```

Recommendation

Use a scoped Shelter API key, store it securely, review what scopes it grants, and revoke it from Shelter settings if no longer needed.

What this means

If the API URL environment variable is changed to an unintended host, the Shelter API key could be sent there.

Why it was flagged

The skill uses curl to call Shelter endpoints and supports an overridable base URL. This is purpose-aligned, but users should ensure `SHELTER_API_URL` points only to the intended Shelter API before sending the key.

Skill content

```bash
curl -s -H "X-Shelter-Key: $SHELTER_API_KEY" \
  "${SHELTER_API_URL:-https://api.shelter.money/agent}/v1/status"
```

Recommendation

Leave SHELTER_API_URL unset unless you intentionally use a trusted Shelter endpoint, and verify environment variables before use.

What this means

Installing via npm can automatically modify the local Claude skill directory.

Why it was flagged

The npm package runs local lifecycle scripts that install or remove the skill files. The included scripts are simple file-copy/removal operations, but npm lifecycle execution is still something users should notice.

Skill content

```json
"scripts": {
  "postinstall": "node install-skill.js",
  "preuninstall": "node uninstall-skill.js"
}
```

Recommendation

Prefer the reviewed ClawHub install path when possible, or inspect the package and scripts before installing via npm.

What this means

A user following the README may install a different npm package than the one represented by the included package manifest.

Why it was flagged

The README's npm install command does not match the package name shown in package.json, which is `@shelter.money/agent-skill`. This creates minor provenance ambiguity for users choosing npm installation.

Skill content

```bash
npm install -g @shelter/agent-skill
```

Recommendation

Verify the exact npm package name, publisher, and repository before installing outside ClawHub.