Skill v1.0.9

ClawScan security

Twitter Content Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 5, 2026, 12:54 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is mostly coherent for generating Twitter content, but it embeds a merchant key and has contradictory payment messaging and non-standard package sources — this could redirect payments or pose supply-chain risk and should be reviewed before use.
Guidance
This skill will generate tweets but also charges a small fee via skillpay.me. Important things to check before installing or using it:
- The code contains a hard-coded merchant key; if you do not provide SKILLPAY_MERCHANT_KEY, payments may go to the embedded key (likely the publisher). Set SKILLPAY_MERCHANT_KEY to your own merchant key before using the skill if you expect payments to go to your account.
- The README and code contain contradictory statements about whether payments are automatic or require your key; do not assume payments go to your account without verifying the merchant_key value.
- Consider running the skill in test mode (--test) first to avoid charges and confirm behavior.
- Inspect package-lock.json: many dependencies are resolved from a non-standard mirror (mirrors.tencentyun.com). If you will install/run this code, prefer using official registries or re-resolving dependencies from trusted sources.
- If you are not comfortable, fork or obtain the source, remove the embedded merchant key, and/or replace payment calls with a version that requires explicit configuration of your merchant key before any network charge is attempted.
- Low-risk mitigation: run the included tests locally, verify that processPayment requires your key, and monitor network calls (e.g., with a proxy) when you first run the skill.

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose (generate tweets/threads via the Sloan agent) matches the code that spawns the OpenClaw agent and falls back to a local gateway. However, the package also implements pay-per-use billing and includes a hard-coded merchant key by default. While payment handling is plausibly part of a paid skill, embedding a merchant key that causes payments to go to the publisher by default contradicts parts of the README/SKILL.md and is disproportionate without clear user consent.
Instruction Scope
note: Runtime instructions and code limit operations to: (1) invoking the local 'openclaw' CLI to run the 'sloan' agent, (2) falling back to a local gateway HTTP call, and (3) calling skillpay.me to charge for usage. The instructions do not read arbitrary user files or unrelated environment variables. This scope is coherent with content generation plus payment handling, but the payment behavior needs scrutiny (see environment_proportionality).
Install Mechanism
note: No install spec is provided (instruction-only skill), which is lower risk. However, the package includes source files and a package-lock.json that resolves many dependencies from a non-standard registry (mirrors.tencentyun.com). Using an alternate/untrusted registry increases supply-chain risk and should be reviewed.
Credentials
concern: Declared environment vars are optional (SKILLPAY_MERCHANT_KEY, OPENCLAW_GATEWAY_TOKEN). The code contains a hard-coded merchant key as a default (sk_91fff75a...), meaning if the user does not set SKILLPAY_MERCHANT_KEY, payments will be sent using that embedded key (likely to the publisher). Documentation is inconsistent: README sometimes claims 'embedded merchant key, no setup required' and elsewhere instructs users to set their own key. Embedding a secret credential in source code and defaulting to it is disproportionate and potentially deceptive.
Persistence & Privilege
ok: The skill does not request elevated platform privileges. The 'always' flag is false, and no special persistence or system-wide configuration changes are requested. The skill spawns a local 'openclaw' binary and performs normal HTTP calls for fallback and payments; that behavior is expected for its purpose.