Skillv1.0.1

ClawScan security

KYC & Identity · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 20, 2026, 8:07 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared behavior (KYC via MasterPay) is plausible, but there are incoherent and under-specified pieces around authentication and the declared primary environment variable that make it risky to trust without clarification.
Guidance: This skill claims to perform KYC flows and will handle sensitive personal data and identity documents. Before installing or using it, ask the publisher: (1) Where do bearer tokens or API credentials come from? The skill asks you to verify a 'valid bearer token' but does not declare any token env var or auth setup — confirm how authentication is provided and secured. (2) Why is the primaryEnv set to AIOT_API_BASE_URL (a URL, not a secret)? That looks like a misconfiguration. (3) Confirm the target API base URL: the default points to a development host (payment-api-dev.aiotnetwork.io). Do not upload real PII to a dev endpoint; insist on a validated production endpoint and data-handling policy. (4) Verify the skill owner's identity, privacy/retention policies, and compliance (handling of PII, retention, who can access uploaded documents). (5) Request explicit documentation of where transaction PINs and bearer tokens are stored, whether the platform will log them, and whether uploads are encrypted in transit and at rest. If the author can provide a corrected primaryEnv (e.g., a token name), a clear auth flow, and a confirmed production base URL, that would address the main concerns and could raise confidence.

Review Dimensions

Purpose & Capability: noteThe skill's endpoints and flows match a KYC/identity workflow (profile, upload documents, submit KYC). However, the registry metadata marks AIOT_API_BASE_URL as the primary credential, which is unusual — a base URL is not a secret credential. The skill also hardcodes a default dev API URL (https://payment-api-dev.aiotnetwork.io), which is unexpected for a production-facing KYC skill and could lead to accidentally sending PII to a development environment.
Instruction Scope: concernThe SKILL.md stays within KYC tasks (create user, update profile, upload docs, poll status) but repeatedly requires authenticated calls and instructs the agent to "verify the session has a valid bearer token" and to prompt for transaction PINs. The skill does not document how authentication tokens are obtained, stored, or provided (no required env var or auth flow described). That missing auth specification is a scope/integration gap: the agent will need access to bearer tokens or session state not declared by the skill.
Install Mechanism: okInstruction-only skill with no install spec or code files. This is the lowest-risk install model — nothing is downloaded or written to disk by the skill itself.
Credentials: concernThe skill declares only AIOT_API_BASE_URL as a required env var and even lists it as the primary credential. It does not declare any token/secret env var for bearer tokens or API keys, yet the API endpoints require auth. Asking for only a base URL (and treating it as the primary credential) is disproportionate and inconsistent with the stated need to authenticate; it's unclear where the bearer token comes from (platform session, another skill, implicit user input).
Persistence & Privilege: okThe skill is not always-enabled and is user-invocable. It does not request system paths, nor does it attempt to persist configuration or modify other skills. No elevated persistence privileges are requested.