Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
resolved-sh
v0.1.4Trigger this skill when the user wants to launch their agent as a business on the open internet — a live page, a data storefront, a subdomain, and optionally...
⭐ 0· 140·0 current·0 all-time
by@hichana
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name and description match the runtime instructions: endpoints, publishing, domain purchases, data storefront, and activity events are all described and consistent with a service that issues API keys. However the registry metadata provided to the evaluator said no required env vars while the SKILL.md declares a required RESOLVED_SH_API_KEY — that mismatch is unexplained and should be corrected.
Instruction Scope
Instructions are instruction-only (no code) and limit actions to calls against resolved.sh endpoints (llms.txt, openapi.json, /publish, /register, /domain, /events, etc.). The skill explicitly tells the agent to read RESOLVED_SH_API_KEY from the environment and to avoid asking users to paste credentials. It also supports autonomous paid flows and domain purchases; the doc says paid actions should require explicit confirmation by default but also advertises fully autonomous operation — this is a policy/behavior ambiguity that should be clarified. The skill references external endpoints (resolved.sh) as expected for its function; it does not instruct the agent to read unrelated files or system secrets in the provided SKILL.md.
Install Mechanism
Instruction-only skill with no install spec and no code files — there is no package download or archive extraction. Low install risk.
Credentials
The SKILL.md requires RESOLVED_SH_API_KEY (declared required in skill metadata inside SKILL.md) which is proportionate for an API-driven service. However the registry summary given to the evaluator listed 'Required env vars: none' — an inconsistency. The skill also discusses optional ES256 JWT keys and x402 (EVM) wallet private keys: while the skill claims it does not handle private keys, the real-world flows will require the agent/runtime to hold wallet keys or sign payments for domain purchase/payouts. That expands the sensitive credential surface and should be disclosed clearly in registry metadata.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It does not appear to modify other skills or system-wide config. Autonomous invocation is allowed (platform default) — combine that with the presence of payment actions only if you intentionally opt in to autonomous payments.
What to consider before installing
Before installing or enabling this skill: 1) Ask the publisher for source code or a canonical GitHub repo and verify the openapi.json / llms.txt endpoints match that repo. 2) Confirm and correct the metadata mismatch: SKILL.md requires RESOLVED_SH_API_KEY but the registry metadata reported none — ensure the registry entry accurately lists required env vars. 3) Only allow autonomous payment mode if you fully trust the service; by default the skill should ask for explicit approval for paid actions. 4) Treat any runtime wallet/private-key access as high-sensitivity: prefer a hardware or host-managed wallet, use minimal-scope API keys, and test with low-value payments first. 5) Verify HTTPS endpoints and review the openapi spec for any unexpected endpoints (especially ones that set payout addresses or perform withdrawals). If the publisher cannot provide provenance or an open-source repo, consider this skill higher risk and avoid enabling autonomous payments or providing long-lived keys.Like a lobster shell, security has layers — review code before you run it.
latestvk972m0kzsn3vgdcpcjg3qd5k35840y8c
License
MIT-0
Free to use, modify, and redistribute. No attribution required.