Skill v0.0.5
ClawScan security
Pay Bills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 20, 2026, 1:18 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior mostly matches its stated purpose (buying airtime/data) but has packaging and runtime inconsistencies (notably it omits that node is required) and persists a plaintext session token in the skill directory — these issues warrant caution before installation.
- Guidance: Things to check before installing:
  - Ensure Node.js is available in the runtime environment (SKILL.md requires running node scripts; metadata incorrectly lists no required binaries).
  - Verify the external API host (https://lodu.bleon.net/v1) is legitimate and operated by the payment provider you expect — the skill's source/homepage are unknown.
  - Be aware the skill saves a plaintext session token to .session_token inside the skill directory; consider whether that file could be accessed by other users/processes. If you proceed, restrict file permissions or modify the workflow to use a secure secret store.
  - Confirm you are comfortable with the agent sending phone numbers, OTPs/PINs, and wallet-related requests to the external API.
  - Ask the author to update metadata to declare 'node' as a required binary and to document where the token is stored (and preferably offer a secure storage alternative).
  - If you cannot validate the endpoint and author, avoid installing or only test in an isolated environment.
Review Dimensions
- Purpose & Capability (note): The name, description, and SKILL.md all describe a bills/data/airtime purchasing integration, and the included scripts (order-id, device-id, session-token) are coherent with that purpose. However, the runtime instructions require running Node.js scripts while the skill metadata lists no required binaries — this is an inconsistency in packaging that may break runtime behavior or mask expectations about what the agent will execute.
- Instruction Scope (note): Instructions explicitly tell the agent/operator to call external API endpoints at https://lodu.bleon.net/v1 and to run local Node.js scripts that generate IDs and persist/load a session token file (.session_token). The SKILL.md does not instruct reading unrelated files or environment variables. The primary scope creep concerns are: (1) the skill will transmit phone numbers, PINs/OTP flows, and a sessionToken to an external endpoint (which is expected for this functionality but should be verified), and (2) it writes and reads a plaintext token file in the skill directory — a sensitive local artifact.
- Install Mechanism (ok): There is no install spec (instruction-only plus small helper scripts). That minimizes supply-chain installation risk. The included JS files are short, readable, and not obfuscated. No downloads, package installs, or archive extraction are performed by the skill.
- Credentials (note): The skill declares no required environment variables or credentials, which aligns with using a session token flow. However, it persists the session token to a plaintext file (.session_token) in the skill directory; this is sensitive and could be readable by other processes or users on the same host. Also, the metadata omission of 'node' as a required binary is disproportionate to the runtime instructions that rely on Node.js.
- Persistence & Privilege (ok): The skill is not force-installed (always:false) and does not request system-wide configuration changes. It simply reads/writes a token file within its own directory and does not modify other skills or system-wide settings.
