ClawHub

MinerDetector

v1.0.0

Charge 0.01 USDT to export 4 bundled miner signature libraries. No scanning or detection.

0· 76·0 current·0 all-time
by@gwjt1234
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (billing + export of four signature libraries) matches the code and SKILL.md. Requested python runtime and a single billing API key (MINERDETECTOR_API_KEY) are appropriate for making HTTP calls and returning/writing the bundled files.
Instruction Scope
SKILL.md instructs the agent to run the included Python script to check balance, generate payment links, or fetch/export the 4 bundled files. The skill explicitly states it does not scan system files/processes/networks, and the shipped script only reads the bundled indicator files and optionally writes them to an output directory or returns them as JSON.
Install Mechanism
There is no install spec (instruction-only plus a small included Python script). Nothing is downloaded from remote URLs or written to system locations during install; risk from install mechanism is minimal.
Credentials
The skill requires a single API key (MINERDETECTOR_API_KEY), which is proportionate. One minor discrepancy: the script also reads MINERDETECTOR_BILLING_API_URL (defaulting to https://skillpay.me) but that env var is not declared in SKILL.md's requires list. Because the API key is sent as an X-API-Key header to the billing host, you should only use a key you trust and ensure the billing host is legitimate.
Persistence & Privilege
always is false, the skill does not request persistent system privileges, and it only writes files to an output directory chosen by the user (or returns file contents as JSON). It does not alter other skills or global configuration.
Assessment
This skill appears to do exactly what it says: charge via a billing API and export four bundled text files. Before installing, consider: 1) the script will send MINERDETECTOR_API_KEY to the billing host (default https://skillpay.me) — only use an API key you trust and verify the billing endpoint; 2) the script can return the files as JSON (printed to stdout), which exposes the bundled file contents but does not access any other local data; 3) SKILL.md does not declare the optional MINERDETECTOR_BILLING_API_URL env var that the script can read — avoid setting that to an untrusted host; and 4) this skill does not perform scanning or remediation, so you will need to run your own comparisons against local data. If you want extra safety, create a limited-scope API key for billing and review the small Python script before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk9715sa99jcd533xw6k8mhvwa98394an

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧩 Clawdis
OSLinux · macOS · Windows
Any binpython3, python, py
EnvMINERDETECTOR_API_KEY
Primary envMINERDETECTOR_API_KEY

Comments