Skill v1.1.2

ClawScan security

Youtube Video Ideas · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 5, 2026, 4:34 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's code mostly matches its advertised purpose, but there are clear mismatches and risky choices (hardcoded merchant key, undeclared binary dependency on a local 'openclaw' CLI, and inconsistent metadata) that warrant caution before installing.
Guidance
This skill is plausible for generating video ideas, but exercise caution before installing or running it:
1) The package runs a local 'openclaw' CLI (spawns a child process). Ensure you trust the 'openclaw' binary and understand that the skill will execute it with user-provided prompts.
2) The code contains a hardcoded SKILLPAY merchant key — this can be used to process charges through the skill's payment endpoint. Prefer not to use the embedded key; confirm the merchant identity, replace it with your own key, or use the --test flag when available.
3) The registry metadata omits the required local binary and env vars; treat this as an authoring oversight and ask the publisher to correct it.
4) package-lock entries point to a non-default npm mirror (mirrors.tencentyun.com); verify dependency provenance.
Recommendations: review the repository and author, run the tool in a sandbox or VM first, avoid providing sensitive keys, and if you need to use it, override the embedded merchant key with a key you control or use test mode to avoid unexpected charges. If the author updates metadata to declare the openclaw binary requirement and removes the embedded merchant key (or documents it clearly), re-evaluate — that would reduce the concerns.

Review Dimensions

Purpose & Capability
Rating: concern
Description: a YouTube ideas generator. Actual footprint: index.js invokes a local 'openclaw' CLI to run a 'sloan' agent and makes payment API calls. Registry metadata declares no required binaries or env vars, but the runtime requires a local 'openclaw' binary and (optionally) SKILLPAY_MERCHANT_KEY/OPENCLAW_GATEWAY_TOKEN. The undeclared dependency on an external CLI is an incoherence.
Instruction Scope
Rating: concern
SKILL.md usage is narrowly scoped to generating ideas and mentions optional env vars and a local OpenClaw gateway. The implementation actually spawns a local 'openclaw' process with the full prompt (executes a local agent) and calls an external payment API. SKILL.md mentions OPENCLAW_GATEWAY_TOKEN but the code does not use it. The instructions and code differ and give the agent permission to run a local binary and perform network requests (payment).
Install Mechanism
Rating: note
No install spec (instruction-only) in registry, but the package includes index.js and a package-lock. Dependencies are standard (axios). package-lock shows dependencies resolved from a Tencent mirror (mirrors.tencentyun.com) rather than the default npm registry — this is unusual and should be checked but not necessarily malicious.
Credentials
Rating: concern
The code uses process.env.SKILLPAY_MERCHANT_KEY (optional) but embeds a default merchant key in source code. Embedding a merchant key in the repo is a sensitive practice: it could enable unexpected charges or tie payments to a third party. SKILL.md also advertises OPENCLAW_GATEWAY_TOKEN as an env var (not actually consumed by index.js). The registry declared no required env vars, creating a metadata mismatch.
Persistence & Privilege
Rating: ok
The skill does not request always:true, does not alter other skills' configs, and does not declare any system-wide persistent privileges. Autonomous invocation is allowed by default (normal).