Skill v1.0.0
ClawScan security
PayAClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:46 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The PayAClaw SKILL.md itself is coherent for a task-competition API, but the package unexpectedly includes an unrelated OpenClawLog skill file that asks to install packages and store credentials. This mismatch is suspicious and should be investigated before installation.
- Guidance: PayAClaw's SKILL.md is consistent with a task/competition API: it shows how to register an agent, get tasks, and submit solutions. However, the package also contains an unrelated openclawlog-skill.md that instructs installing Python packages and saving WordPress credentials to ~/.config; that file does not belong to PayAClaw and is the main red flag. Before installing or enabling this skill:
  1. Verify the publisher and confirm that the package should contain only PayAClaw content.
  2. Inspect the files yourself, and ignore or remove openclawlog-skill.md if it was not intended.
  3. Avoid echoing or logging api_key values in shared environments, and do not commit them to version control.
  4. Send the returned api_key only to payaclaw.com endpoints, and only if you trust that domain.
  5. Consider testing first in an isolated environment (network-restricted or sandboxed).
  If the bundle came from an official registry, ask the publisher why two unrelated skill documents are included. This packaging mismatch is the reason for caution.
Review Dimensions
- Purpose & Capability
- note: The PayAClaw name, description, and SKILL.md instructions align: they describe registering an agent, listing tasks, and submitting solutions via payaclaw.com API endpoints. However, the bundle also contains an unrelated openclawlog-skill.md (WordPress blog management) that does not belong to PayAClaw and introduces capabilities (XML-RPC, Moltbook REST API) unrelated to the stated purpose.
- Instruction Scope
- note: PayAClaw's SKILL.md instructions are explicit and scoped: they use curl and simple python3 one-liners to parse JSON, save a temporary /tmp/register.json, extract an api_key and agent_id, and then send the api_key in Authorization headers for submissions. These actions are consistent with the stated task. One scope note: the examples echo the API key to stdout (echo "API Key: $API_KEY"), which can expose the secret in logs or terminal history if not handled carefully. The unrelated openclawlog file directs users to save WordPress credentials to ~/.config/wordpress/credentials.json; that is out of scope for PayAClaw and increases risk if followed unintentionally.
- Install Mechanism
- ok: There is no install spec and no code files to execute for PayAClaw; it is instruction-only, which is lower risk. The openclawlog document advises installing python-wordpress-xmlrpc via pip, but PayAClaw neither declares nor requires that. The presence of that instruction in the package, but not in the PayAClaw SKILL.md, is a packaging inconsistency.
- Credentials
- concern: PayAClaw itself declares no required environment variables or credentials; its register endpoint returns an api_key that later requests must present, which is normal and proportional. The concern arises from the bundled openclawlog-skill.md, which instructs users to store WordPress credentials in ~/.config/wordpress/credentials.json and to install packages. That requests persistent credential storage and filesystem write access unrelated to PayAClaw, increasing the attack surface if the wrong instructions are followed or if the bundle was maliciously mixed.
- Persistence & Privilege
- ok: The skill does not request persistent privileges (always:false) and does not instruct changing agent or system settings. The only persistence behavior in the examples is saving temporary JSON to /tmp and, in the unrelated file, recommending that credentials be saved to a home config path; the latter is a best-practice recommendation for a different skill, not PayAClaw.
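The review above applies four checks by hand: an extra skill document riding along in the bundle, package-install instructions, credential storage under ~/.config, and a secret echoed to stdout. As an added example that is not part of the scanner output or of either skill, here is a small Python lint that runs those same checks over a constructed stand-in bundle. The file contents are paraphrases written for this example, not the real SKILL.md or openclawlog-skill.md; the rule names, regexes and the severity mapping in `verdict()` are my own assumptions about how to encode the reasoning in the report.

```python
"""Static lint for a skill bundle: flags the packaging and credential-hygiene
issues the ClawScan review describes. Example code, not ClawHub tooling."""
import re
from dataclasses import dataclass

# Constructed sample bundle: relative path -> file text. The snippets paraphrase
# the behaviours described in the review; they are not the real skill files.
SAMPLE_BUNDLE = {
    "SKILL.md": (
        "# PayAClaw\n"
        "curl -s https://payaclaw.com/api/register -o /tmp/register.json\n"
        "API_KEY=$(python3 -c 'import json;print(json.load(open(\"/tmp/register.json\"))[\"api_key\"])')\n"
        'echo "API Key: $API_KEY"\n'
        'curl -H "Authorization: Bearer $API_KEY" https://payaclaw.com/api/tasks\n'
    ),
    "openclawlog-skill.md": (
        "# OpenClawLog\n"
        "pip install python-wordpress-xmlrpc\n"
        "Save your WordPress credentials to ~/.config/wordpress/credentials.json\n"
    ),
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int   # 0 for findings about the file as a whole
    rule: str
    text: str


# Per-line rules (assumed names). Kept narrow so the lint points at the lines a
# reviewer would actually read, rather than at every mention of a key.
LINE_RULES = [
    # Package installation requested from a skill document.
    ("pip-install", re.compile(r"\bpip3?\s+install\b")),
    # Persistent credential storage under the user's config directory.
    ("credential-store",
     re.compile(r"(~|\$HOME)/\.config/\S*(credential|secret|token|key)", re.I)),
    # A secret-looking shell variable written to stdout.
    ("secret-echo",
     re.compile(r"\becho\b.*\$\{?[A-Za-z_]*(KEY|TOKEN|SECRET|PASSWORD)\b")),
]


def lint_bundle(files, primary="SKILL.md"):
    """Return Findings for a bundle given as {relative_path: text}."""
    findings = []
    # Packaging check: any other skill document travelling with the primary one.
    for path in sorted(files):
        base = path.rsplit("/", 1)[-1]
        if path != primary and re.search(r"skill.*\.md$", base, re.I):
            findings.append(Finding(path, 0, "extra-skill-doc", base))
    # Content checks, line by line, in every file of the bundle.
    for path in sorted(files):
        for lineno, line in enumerate(files[path].splitlines(), start=1):
            for rule, rx in LINE_RULES:
                if rx.search(line):
                    findings.append(Finding(path, lineno, rule, line.strip()))
    return findings


def verdict(findings, primary="SKILL.md"):
    """Severity mapping mirroring the review: anything flagged outside the
    primary document is the red flag; a secret echo inside it is a hygiene note."""
    if any(f.path != primary for f in findings):
        return "suspicious"
    if any(f.rule == "secret-echo" for f in findings):
        return "note"
    return "ok"


if __name__ == "__main__":
    results = lint_bundle(SAMPLE_BUNDLE)
    for f in results:
        print(f"{f.path}:{f.line} [{f.rule}] {f.text}")
    print("verdict:", verdict(results))
```

Run against the constructed bundle, the lint reports the extra skill document, the pip install and the ~/.config credential path in openclawlog-skill.md, and the echoed API key in SKILL.md, and `verdict()` returns "suspicious"; with only the SKILL.md findings it drops to "note", which matches the review's split between the packaging concern and the lower-severity echo.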
