Skill v1.0.7
ClawScan security
LinkedIn Post Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 12:53 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill mostly matches its stated purpose (generating LinkedIn posts) but contains a hardcoded merchant key and other oddities (non-standard package mirror, CLI spawn usage) that are disproportionate or unexpected and warrant caution.
- Guidance: This skill appears to do what it says (generate LinkedIn posts) but has red flags you should consider before installing: (1) it contains a hardcoded SKILLPAY merchant key — by default payments will go to that embedded account; if you will be charged, verify who controls that merchant and prefer setting your own SKILLPAY_MERCHANT_KEY or using test mode. (2) The code spawns the local 'openclaw' CLI and can call a local gateway with an Authorization token — do not provide a production OPENCLAW_GATEWAY_TOKEN unless you trust the author and have audited the code. (3) package-lock contains non-standard registry mirrors (mirrors.tencentyun.com) — review dependencies and consider installing in an isolated/sandboxed environment. (4) There is a formatting/possible bug around the spawn call in index.js; ask the author to confirm/clean the code and publish a repository/homepage you can inspect. If you don't trust the merchant or author, do not install on systems with sensitive tokens or real billing credentials; request the author remove embedded secrets and document how payments are handled, or run the skill locally with test mode and your own merchant key.
Review Dimensions
- Purpose & Capability (note): Name/description, CLI usage and network calls (to a payment API and local OpenClaw gateway) are consistent with a pay-per-use post generator. However the code embeds a hardcoded merchant key (CONFIG.merchant_key) that will be used by default for billing — this is unexpected and not justified by the skill's description. The package-lock also references a non-standard mirror (mirrors.tencentyun.com), which is unusual though possibly benign.
- Instruction Scope (note): SKILL.md instructs only normal CLI usage and documents optional SKILLPAY_MERCHANT_KEY and OPENCLAW_GATEWAY_TOKEN. The runtime code follows these instructions (calls an agent via the 'openclaw' CLI or local HTTP gateway). It does not read unrelated system files or request unrelated credentials. A practical concern: the skill will spawn a local process ('openclaw'), which executes commands on the host — expected for invoking a local agent but worth noting. Also the index.js contains a suspicious-looking snippet/formatting around the spawn call (a stray backtick/argument placement) that may indicate a bug or mistranscription; that could cause unexpected behavior.
- Install Mechanism (ok): There is no install script/remote download; this is an instruction-and-code skill bundled with its source. No arbitrary remote downloads or extract operations are present in the manifest. The only oddity is the package-lock entries resolved from mirrors.tencentyun.com rather than the default registry, which is noteworthy but not necessarily malicious.
- Credentials (concern): The registry metadata declares no required env vars, while SKILL.md and the code reference two optional env vars: SKILLPAY_MERCHANT_KEY and OPENCLAW_GATEWAY_TOKEN — these are plausible. The concern is the hardcoded merchant key (sk_91fff75ae...) in CONFIG.merchant_key: by default payments will be routed to that embedded key/merchant, which is unexpected and raises privacy/monetary concerns. OPENCLAW_GATEWAY_TOKEN (if provided) is used as an Authorization header to localhost — supplying a production token to this skill could leak or misuse that token.
- Persistence & Privilege (ok): The skill does not request persistent or elevated platform privileges (always:false). It does spawn the local 'openclaw' CLI and may call a local gateway endpoint, which is within the scope of invoking a local agent. It does not modify other skill configurations or claim system-level modifications.
