Skill v1.0.2
ClawScan security
EdgeOS Applications · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 17, 2026, 9:44 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, scripts, and instructions are coherent with its stated purpose (submitting EdgeOS popup applications and handling ticket payments including an x402 crypto flow); it does not request unrelated credentials or remote installs, but it does persist JWTs to local state and expects the agent to handle wallet signing.
- Guidance: This skill appears to do what it claims: it talks to a single backend (BASE_URL), uses email OTP to get JWTs, persists JWTs under scripts/.state, and orchestrates application submission and either checkout-link or x402 crypto payments. Things to consider before installing: 1) the skill will store session JWTs on disk (scripts/.state) — if you share the agent workspace, those tokens could be exposed; 2) the skill expects you or your agent to sign crypto payments (it does not hold private keys) but it can submit a payment request if given the signature/header — confirm payments explicitly; 3) the skill reads workspace USER.md for prefill data — ensure that file contains only data you want the skill to use; 4) verify the BASE_URL (https://api-citizen-portal.simplefi.tech) is the expected service for your use case. If any of those behaviors are unacceptable, review/modify the scripts (they are bundled) or do not enable the skill.
Review Dimensions
- Purpose & Capability (ok): Name and description align with the included scripts and references. All network calls target the single documented API base (BASE_URL in scripts/env.sh), and the scripts implement OTP auth, application submit/check, product listing, preview/create checkout flows, and x402 payment challenge/submit as described.
- Instruction Scope (note): SKILL.md explicitly instructs the agent to use the provided scripts, to read reference docs, and to prefill from a workspace USER.md. Reading USER.md for prefill is reasonable for this purpose but is an extra source of user data not declared in the manifest. Scripts persist and reuse JWTs from a local scripts/.state directory—this is expected for session management but worth noting.
- Install Mechanism (ok): There is no install spec or remote download; the skill is instruction-first with bundled shell scripts. No external package installs or network downloads occur at install time, which reduces supply-chain risk.
- Credentials (ok): The skill does not declare or require unrelated secrets. It operates with OTP-derived JWTs and optional SESSION_EMAIL/JWT env usage. That credential model is proportional to its tasks (authenticate and call the API).
- Persistence & Privilege (note): always: false and user-invocable: true (normal). The scripts persist JWT tokens into files under scripts/.state and will read them automatically; combined with autonomous invocation, this increases the blast radius if the agent is allowed to act without clear user consent for payments. The SKILL.md includes guardrails to confirm before submission and to never expose OTPs or JWTs.
