v1.0.5

SkillzMarket

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

The skill matches its stated purpose, but it requires a wallet private key and can automatically spend USDC on external or arbitrary endpoints, so it needs careful review before installation.

Guidance: Install this only if you intentionally want OpenClaw to call paid Skillz Market/x402 services. Use a dedicated low-balance wallet, require explicit approval before every paid call, avoid arbitrary direct endpoints unless you trust them, and do not send sensitive data to third-party skills.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
SKILL.md
- `call <slug> <json>` - Call a skill with automatic x402 payment
- `direct <url> <json>` - Call any x402-enabled endpoint directly

The skill exposes paid calls, including an arbitrary direct URL mode, but the artifacts do not show spending caps, confirmation requirements, verified-only defaults, or endpoint restrictions.

User impact: An agent invocation could result in real USDC payments, including to an arbitrary x402 endpoint, without a clearly documented approval or maximum spend boundary.
Recommendation: Use only with explicit user approval for each paid call, prefer verified/listed skills, avoid the direct endpoint mode unless necessary, and enforce wallet or platform-level spending limits where possible.
Agentic Supply Chain Vulnerabilities
Severity: Medium. Confidence: High. Status: Note.
package.json
"@x402/fetch": "^2.2.0",
"@x402/evm": "^2.2.0",
"viem": "^2.0.0",
"tsx": "^4.21.0"

The package uses semver ranges for dependencies that participate in payment signing and runtime execution.

User impact: Future dependency resolution could change behavior in code paths that handle wallet signing and paid network requests.
Recommendation: Install from a trusted source, prefer a lockfile or pinned dependency versions, and verify dependency provenance before providing a wallet private key.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
skillz-cli.ts
const PRIVATE_KEY = process.env.SKILLZ_PRIVATE_KEY as `0x${string}`;
const account = privateKeyToAccount(PRIVATE_KEY);
registerExactEvmScheme(client, { signer: account });

The code reads a raw wallet private key and converts it into a signer for payment requests.

User impact: A wallet private key is highly sensitive; if misused, exposed, or paired with unsafe paid calls, funds controlled by that wallet could be spent.
Recommendation: Do not use a main wallet. Use a dedicated low-balance wallet for this skill, rotate the key if exposed, and remove the credential when not needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium. Confidence: High. Status: Note.
skillz-cli.ts
const response = await paymentFetch(skill.endpoint, {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: input,
});

User-provided JSON input is sent to an external skill endpoint returned by the marketplace API.

User impact: Any data included in the request may be seen and processed by an external paid skill provider.
Recommendation: Review the target skill or endpoint before sending data, and avoid including secrets, credentials, private documents, or regulated information unless you trust that provider.