Esri Workflow Smell Detector (Consumer)
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: esri-smells-consumer Version: 1.0.0 The skill is designed to be a paid client for an external API, requiring the use of a private key to sign payment transactions. The `SKILL.md` clearly states this requirement, instructing the user to provide `PRIVATE_KEY` and `WALLET_ADDRESS` environment variables. The `scripts/call_smells.py` script reads these variables and uses them solely for generating an `X-Payment` header to the specified `https://api.x402layer.cc/e/esri-smells` endpoint, which aligns with its stated purpose. There is no evidence of data exfiltration to unauthorized destinations, malicious execution, persistence mechanisms, or prompt injection attempts against the agent to perform actions beyond the skill's scope.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A main wallet private key exposed to this runtime could put funds at risk if the environment, dependencies, or endpoint flow are compromised.
The helper reads a raw EVM private key and wallet address from the environment and uses the key to create a signing account. That is high-impact wallet authority, and it is under-declared by the registry metadata.
pk = os.getenv("PRIVATE_KEY")
wa = os.getenv("WALLET_ADDRESS") ... account = Account.from_key(private_key)Use only a dedicated low-balance wallet for this skill, declare the credential requirement clearly, and prefer a safer signing flow that does not require placing a raw private key in the agent environment.
A wrong, compromised, or malicious endpoint could ask the wallet to authorize a larger USDC payment than the user expected.
The payment recipient and amount are taken directly from the HTTP 402 challenge, then the script automatically sends the signed X-Payment header. The code does not enforce the documented target price or verify an expected payee.
pay_to = opt["payTo"]
amount = int(opt["maxAmountRequired"]) ... headers={"X-Payment": x_payment, "Accept": "application/json"}Add a hard maximum amount, verify the expected token/network/payee, and require explicit user confirmation before signing or sending a payment authorization.
ArcGIS project metadata in the snapshot will be shared with the remote service.
The stated workflow sends the project_snapshot JSON to the external paid API. This is disclosed and purpose-aligned, but it is still a data-boundary crossing.
Send that JSON to this paid endpoint for a deterministic preflight risk report
Send only sanitized snapshots that do not contain secrets or sensitive project details, and verify that the endpoint/provider is acceptable for the data.
Future dependency versions could change behavior or introduce vulnerabilities in the payment-signing path.
The dependency versions are lower-bounded but not pinned. For a helper that signs payments, dependency provenance and reproducibility matter.
requests>=2.28.0 eth-account>=0.10.0
Pin exact dependency versions and use hashes or a lockfile before using this with real funds.