Skill v1.0.0
ClawScan security
Airdrop Hunter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 1:49 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's airdrop reporting code is simple and local, but the README claims a per-call fee and provides a wallet address while the code contains no payment handling or network access — this mismatch and the solicitation of money are concerning.
- Guidance
- Do not send money to the listed wallet address. The skill's code is a local mock dataset and does not implement any payment, network queries, or blockchain checks — the README's claim of charging 0.001 USDT appears to be a manual solicitation rather than enforced billing. If you consider using this skill: (1) run and inspect the Python file locally in an isolated environment to confirm behavior, (2) require a transparent, verifiable payment flow (receipts, on-chain transaction checks, or an integrated payment API) before sending funds, (3) prefer skills with a known author/homepage and clear privacy/payment policies, and (4) disable autonomous invocation if you do not want the agent to call this skill without explicit approval. If the author can show code or a documented mechanism that legitimately enforces the charge and performs genuine on-chain checks/APIs, the assessment could move toward benign; absent that, treat it with caution.
Review Dimensions
- Purpose & Capability
- note: The stated purpose (discovering and tracking airdrops) matches the included script at a superficial level, but the implementation is a static local dataset (no API/chain queries). The SKILL.md claims automatic discovery and tracking, which the code does not actually implement. The README also asserts a per-call charge which is not enforced by or integrated into the code.
- Instruction Scope
- concern: Runtime instructions simply run a local Python script, which is fine and limited in scope, but the SKILL.md explicitly solicits payment (0.001 USDT) and provides a wallet address with no instructions for verification or enforcement. That creates a social-engineering risk: users may be urged to send funds without technical means to validate service delivery.
- Install Mechanism
- ok: No install spec is present (instruction-only with a simple bundled script). Nothing is downloaded or executed from external URLs during install, so no immediate supply-chain risk from installation.
- Credentials
- ok: The skill requests no environment variables, no credentials, and the code does not read files or network resources. Requested access is proportionate to the actual (limited) functionality.
- Persistence & Privilege
- ok: The skill is not always-enabled and does not request persistent/system-level privileges. It does not modify other skills or agent configuration.
