Skill v1.0.7
ClawScan security
Blog Title Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 12:53 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it claims (generate SEO titles), but there are inconsistencies and a few red flags, notably a hardcoded merchant key, a mismatch about required binaries, and some sloppy code/packaging, so proceed with caution.
- Guidance
- This skill appears to do what it claims, but there are a few things to check before installing or running it:
  - Verify that the 'openclaw' binary you will execute is legitimate and from a trusted source; the skill runs this CLI locally.
  - The package contains a hardcoded SKILLPAY merchant key. If you care where payments go, replace SKILLPAY_MERCHANT_KEY with your own merchant key, or use the --test flag to avoid charges during evaluation. An embedded merchant key means the author (or whoever controls that key) receives payments by default.
  - The registry metadata omits the required 'openclaw' binary; expect to need OpenClaw/Sloan locally even though the metadata lists no binaries.
  - package-lock.json shows dependencies fetched from mirrors.tencentyun.com (a non-default registry mirror). If you will install dependencies, audit the lockfile or re-resolve it from a registry you trust (npmjs.org) to reduce supply-chain risk.
  - index.js appears to contain sloppy code (a malformed spawn/Promise fragment), which suggests limited maintenance quality; review the code or run it in a sandbox first.
  If you want to proceed: run in test mode first (--test), audit or replace the merchant key, ensure the openclaw CLI is genuine, and preferably run inside an isolated environment until you are comfortable.
Review Dimensions
- Purpose & Capability
- concern: The skill's stated purpose (headline/SEO generator) matches the code's behavior (it calls a local 'openclaw' agent to produce titles and charges for the call via a payment API). However, the registry metadata declares no required binaries while index.js spawns the 'openclaw' CLI, so the 'openclaw' binary is in fact required. SKILL.md also references an OpenClaw Gateway and a Sloan agent, which aligns with the code, but the metadata omission is inconsistent with the code and could mislead users about prerequisites.
- Instruction Scope
- note: SKILL.md is largely usage documentation (CLI examples) and aligns with the code. It mentions optional env vars (SKILLPAY_MERCHANT_KEY, OPENCLAW_GATEWAY_TOKEN). The code uses SKILLPAY_MERCHANT_KEY (or a default embedded key) but never reads OPENCLAW_GATEWAY_TOKEN, so that env var is documented but unused. The instructions assume a local OpenClaw agent/CLI, which the skill will invoke as a local binary.
- Install Mechanism
- note: There is no install spec (the metadata is instruction-only), but the package includes index.js and a package.json with an axios dependency. package-lock.json shows dependencies resolved via a non-default mirror (mirrors.tencentyun.com), which is nonstandard: the tarballs come from a host you may not have vetted, so the lockfile's resolved URLs and integrity hashes deserve a check before installing. No remote arbitrary downloads or extract operations are present in the package.
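As an added example (not part of the ClawScan report and not the skill's own code), the following audits a package-lock.json the way the Install Mechanism finding suggests: it lists every dependency whose tarball is resolved from a host other than the registries you trust, and every resolved entry that carries no integrity hash. The lockfile embedded below is constructed for this example to mimic the pattern described on this page; the skill's real lockfile is not reproduced here, and the integrity values are placeholders.

```javascript
// Added example: audit a package-lock.json for dependencies resolved from a
// non-default registry (the mirrors.tencentyun.com pattern this report flags)
// or shipped without an integrity hash. Not the skill's code.
const DEFAULT_ALLOWED_HOSTS = ['registry.npmjs.org'];

// Handles lockfileVersion 2/3 ("packages", flat map keyed by path) and
// lockfileVersion 1 ("dependencies", nested recursively).
function auditLockfile(lock, allowedHosts = DEFAULT_ALLOWED_HOSTS) {
  const findings = [];

  const check = (name, entry) => {
    if (!entry || typeof entry !== 'object') return;
    if (typeof entry.resolved === 'string') {
      let host = null;
      try { host = new URL(entry.resolved).host; } catch (_) { host = null; }
      if (host === null || !allowedHosts.includes(host)) {
        findings.push({ name, resolved: entry.resolved, reason: 'non-default registry' });
      }
      if (!entry.integrity) {
        findings.push({ name, resolved: entry.resolved, reason: 'missing integrity' });
      }
    }
  };

  // lockfileVersion 2/3: keys look like "node_modules/axios" or
  // "node_modules/a/node_modules/@scope/b"; the "" key is the root project.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue;
    check(path.replace(/^.*node_modules\//, ''), entry);
  }

  // lockfileVersion 1: nested "dependencies" objects.
  const walkV1 = (deps) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      check(name, entry);
      walkV1(entry.dependencies);
    }
  };
  walkV1(lock.dependencies);

  return findings;
}

// Constructed sample lockfile (lockfileVersion 3 shape). axios is pulled from
// the non-default mirror named in the report; integrity strings are placeholders.
const SAMPLE_LOCK = {
  name: 'blog-title-optimizer',
  lockfileVersion: 3,
  packages: {
    '': { name: 'blog-title-optimizer', dependencies: { axios: '^1.6.0' } },
    'node_modules/axios': {
      version: '1.6.0',
      resolved: 'https://mirrors.tencentyun.com/npm/axios/-/axios-1.6.0.tgz',
      integrity: 'sha512-PLACEHOLDER-A',
    },
    'node_modules/follow-redirects': {
      version: '1.15.0',
      resolved: 'https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.0.tgz',
      integrity: 'sha512-PLACEHOLDER-B',
    },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.reason}: ${f.name} <- ${f.resolved}`);
}
```

To re-resolve a suspicious lockfile against the public registry, delete package-lock.json and node_modules and run `npm install --registry https://registry.npmjs.org/`, then re-run the audit on the regenerated lockfile; an empty findings list means every tarball now comes from the allowed host with an integrity hash recorded.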
- Credentials
- concern: The code contains a hardcoded merchant key (SKILLPAY merchant_key) embedded in CONFIG and POSTs it to the payment API by default. That is functional for pay-per-use, but it is a secret baked into the package: unless the user supplies SKILLPAY_MERCHANT_KEY, payments and transaction records go to the hardcoded recipient. The documented OPENCLAW_GATEWAY_TOKEN is not used in the code. No other unrelated credentials are requested.
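As an added example (not the skill's code and not part of the ClawScan report), the loader below shows the pattern this finding describes, an env var with an embedded fallback key, next to a hardened loader that refuses to fall back: in live mode it requires the user's own SKILLPAY_MERCHANT_KEY, and in test mode (the --test flag the guidance recommends) it never builds a payment request at all. The placeholder key value, the payment request shape and the amount field are assumptions for illustration; the real SKILLPAY API is not reproduced here.

```javascript
// Added example, not the skill's own code.
// Placeholder standing in for the key embedded in the package; not a real key.
const EMBEDDED_DEFAULT_KEY = 'mk_EXAMPLE_PLACEHOLDER';

// Pattern the report flags: if SKILLPAY_MERCHANT_KEY is unset, the code
// silently uses a key shipped in the package, so payments go to whoever
// controls that key rather than to the person running the skill.
function loadConfigWeak(env) {
  return { merchantKey: env.SKILLPAY_MERCHANT_KEY || EMBEDDED_DEFAULT_KEY, testMode: false };
}

// Hardened loader: no embedded default. --test runs without a key and never
// charges; live mode fails closed unless the operator supplied their own key.
function loadConfigHardened(env, argv) {
  const testMode = argv.includes('--test');
  if (testMode) {
    return { merchantKey: null, testMode: true };
  }
  const key = env.SKILLPAY_MERCHANT_KEY;
  if (typeof key !== 'string' || key.trim() === '') {
    throw new Error(
      'SKILLPAY_MERCHANT_KEY is required in live mode; pass --test to evaluate without charges'
    );
  }
  return { merchantKey: key.trim(), testMode: false };
}

// Builds the payment body only from a validated config. Returns null in test
// mode so the caller has nothing to POST. Field names are assumed for the example.
function buildPaymentRequest(config, amountCents) {
  if (config.testMode) return null;
  if (!config.merchantKey) throw new Error('no merchant key in live config');
  return { merchant_key: config.merchantKey, amount_cents: amountCents };
}

// Demonstration with constructed inputs.
console.log('weak loader, no env var:', loadConfigWeak({}));
console.log('hardened, --test:', buildPaymentRequest(loadConfigHardened({}, ['--test']), 500));
try {
  loadConfigHardened({}, []);
} catch (e) {
  console.log('hardened, live without key:', e.message);
}
```

The same fail-closed shape applies when auditing the package itself: grep index.js for the CONFIG object and confirm the merchant key is read only from the environment, with no string literal fallback, before running it outside --test mode.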
- Persistence & Privilege
- ok: The skill does not request persistent or privileged installation (always:false), does not modify other skills or system config, and does not store its own auth beyond using the merchant key for each payment call. It does invoke a local binary, which is expected for an OpenClaw skill.
