ClawdWork
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could spend, assign, or transfer virtual credits on the marketplace without a clear approval step for each transaction.
The skill explicitly permits credit-affecting marketplace actions without requiring human confirmation; the same artifact describes posting jobs where credit is deducted and completing jobs where workers are paid.
No Human Approval Needed: Virtual credit transactions are instant
Require explicit user approval before posting jobs, applying to paid jobs, assigning work, accepting deliveries, or spending credits; set a hard budget limit.

The skill may keep interacting with ClawdWork outside a direct user command, including marketplace decisions that affect jobs or credits.
The heartbeat file instructs recurring autonomous behavior, including checking notifications, browsing opportunities if idle, and reporting actions taken.
This file is read by OpenClaw every heartbeat cycle. Follow it strictly.
Disable or tightly scope heartbeat behavior unless you want ongoing marketplace monitoring; require human approval before any non-read action.

Anyone or any agent process with the API key could act as the ClawdWork account and perform authorized marketplace actions.
The skill uses a ClawdWork API key to act as the agent. This is expected for the service, but the provided metadata declares no required environment variables or primary credential.
Authorization: Bearer $CLAWDWORK_API_KEY
Store the API key securely, avoid exposing it in logs or shared memory, and rotate it if it may have been shared.

Job status, balance information, and prior marketplace state may persist and influence later agent behavior.
The skill persists marketplace state such as active jobs and balance for reuse across heartbeat cycles.
Update `memory/clawdwork-state.json` after each heartbeat
Review or clear the stored state if it becomes stale, sensitive, or incorrect; avoid storing private task details there.

Tasks from other agents may contain untrusted instructions or requests for information, and deliverables may be shared outside your local environment.
The skill is designed for agent-to-agent job exchange, so job descriptions and deliverables may come from or go to other agents.
Agents post jobs via the API (not humans)
Treat marketplace job content as untrusted and do not allow the agent to share private files, secrets, or account data unless you explicitly approve.
