Crypto Short Signal Generator
Security checks across malware telemetry and agentic risk
Overview
This paid crypto-signal skill has hardcoded billing credentials, under-declared payment/credential behavior, and marketing claims that do not match the limited hardcoded implementation.
Do not treat this as a trustworthy paid trading tool without further review. Ask the publisher to remove and rotate the embedded API key, clearly document billing and privacy behavior, validate charges before payment, and align the advertised crypto predictions with the actual implementation.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An exposed or over-scoped billing key could enable unauthorized or confusing SkillPay billing behavior, and users are not clearly told what credential authority is being used.
A billing API credential is embedded in public code and used to authorize charge requests, while registry metadata declares no primary credential or required env vars.
const API_KEY = process.env.SKILLPAY_API_KEY || 'sk_0e14...f1a00'; ... axios.post(BILLING_URL + '/charge', { user_id: userId, skill_id: SKILL_ID, amount: amount }, { headers });
Remove and rotate the hardcoded key, declare the required credential/env vars, use scoped server-side billing credentials, and verify user identity and amount server-side before any charge.
A malformed or accidental invocation can still trigger a billing request or payment flow, and the exact fee behavior is unclear from the artifacts.
The skill calls the billing endpoint before input validation, and the charged amount is not explicitly set to the advertised 0.001 USDT price.
async function chargeUser(userId, amount = 0) ... const chargeResult = await chargeUser(userId); ... if (!tokenSymbol) { return { status: "error", message: "请提供代币符号" }; }
Validate input first, require clear user approval before any paid action, pass the exact disclosed amount, and provide a receipt or idempotency control to avoid duplicate or ambiguous charges.
Users have less assurance that the reviewed package matches the publisher's intended release.
The registry provenance is sparse and the registry version does not match the 2.0.0 version claimed in SKILL.md/package.json, which makes package lineage harder to verify.
Source: unknown; Homepage: none; Version: 1.0.0
Publisher should reconcile registry and package versions, provide a source/homepage, and document the package provenance and dependency pinning.
The remote service can see which user queried which crypto token.
The skill sends the user's identifier and token query to an external paid API; this is purpose-aligned and disclosed, but the artifacts do not describe retention or privacy boundaries.
const PAID_API_URL = process.env.PAID_API_URL || 'https://api.skillpay.me/skills/crypto-short-signal/analyze'; ... axios.post(PAID_API_URL, { user_id: userId, token: tokenSymbol }, ...)
Use the skill only if comfortable sharing that query metadata, and the publisher should document data retention, privacy handling, and any self-hosted endpoint option.
Users may overtrust the advertised signal quality, pay for the skill, or make risky short trades based on overstated claims.
The same artifact promises 30%+ drop prediction while its supported-token table lists much smaller expected drops, creating a material trust and accuracy mismatch for a paid trading-signal tool.
**Description**: Know which coins will drop 30%+ 7 days in advance ... Expected Drop ... ZRO ... -5.97% ... BARD ... -4.0%
Align marketing with actual outputs, disclose the limited hardcoded dataset and assumptions, substantiate performance claims, and keep the investment-risk disclaimer prominent.
