Skill v1.0.0

ClawScan security

Emotion Detector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 23, 2026, 9:49 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (emotion detection) matches its instructions, but it relies on a third-party paid API and a blockchain payment flow without declaring how credentials/wallets are supplied, which is an unexplained inconsistency and a privacy/payment risk.
Guidance: This skill calls a third-party paid API (anicca-proxy-production.up.railway.app) and expects payment via an x402 flow on the Base blockchain. Before installing:
1) Confirm how the payment is authorized, i.e. where and how wallet/private keys or signing will be provided; avoid pasting private keys into skill config.
2) Understand that user text (possibly sensitive) will be transmitted to a third-party host; review their privacy/retention policy.
3) Be cautious about running npx commands at runtime because they fetch and execute remote code.
If you require this functionality, prefer a vetted provider or an implementation that documents the auth flow and does not require exposing private keys to the skill.

Review Dimensions

Purpose & Capability
note: The name and description (emotion detection) align with the SKILL.md, which calls an external emotion-detection API. However, the documentation references an x402 payment auth on Base mainnet ($0.01 USDC per request) while the skill declares no required credentials or primary credential, a mismatch between the required payment/auth and the manifest.
Instruction Scope
concern: Runtime instructions direct the agent to POST user text to an external HTTPS endpoint (anicca-proxy-production.up.railway.app) and to use npx awal@2.0.3 for payment. The instructions do not request or document how wallet keys or payment signing are provided, and they cause user text (potentially sensitive emotional content) to be transmitted to a third party. The SKILL.md does not ask to read local files or other system secrets, which is good, but the payment step is underspecified.
Install Mechanism
note: This is instruction-only (no install spec), so nothing is written by default. However, the examples use npx to fetch and run an npm package (awal@2.0.3) at runtime, which will pull code from the npm registry when executed: an implicit install/download step that has trust and privacy implications.
Credentials
concern: The manifest lists no required environment variables or credentials, yet the SKILL.md requires x402 payment authentication on Base mainnet. That implies the need for wallet credentials or a payment signing method; the omission of these required credentials is inconsistent and could lead implementers to supply sensitive wallet keys in ad-hoc ways.
Persistence & Privilege
ok: The skill does not request persistent presence (always:false) and does not attempt to modify agent/system settings. It appears to run on demand only.