Skill v1.0.0

ClawScan security

picoads · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 14, 2026, 12:11 AM)
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requested credentials and runtime instructions match its advertised ad-network functionality, but you should treat the API key and agent wallet like real money-access secrets and review the external service before enabling autonomous actions.
Guidance
This skill appears to do what it says, but take these precautions before installing or enabling it:
1) Only provide an API key you trust and treat PICOADS_API_KEY as a secret; prefer a limited-scope or test key.
2) Use a dedicated wallet for PICOADS_AGENT_ID with minimal funds (the service mentions on-chain USDC settlements and a $1 registration), so automated actions can't drain valuable assets.
3) Verify the picoads.xyz service reputation and read the external docs (llms.txt) and any plugin code before use.
4) Be cautious about enabling autonomous invocation — if you don't want the agent to place bids or register/pay on its own, disable autonomous execution or require manual confirmation.
5) Remember that fetching ad creatives loads remote content, which may include tracking or malicious media; avoid executing unknown code fetched from creatives.

Review Dimensions

Purpose & Capability
ok
The required environment variables (PICOADS_API_KEY and PICOADS_AGENT_ID) and the described HTTP endpoints align with a micro-ad-network that posts bids, fetches matches, and submits delivery proofs. There are no unrelated binaries, installs, or config paths requested.
Instruction Scope
note
SKILL.md instructs the agent to call picoads.xyz endpoints for browsing hubs, posting asks/bids, fetching creatives, and submitting delivery proofs. It does not instruct reading local files or unrelated env vars. Caution: fetching ad creatives or other external content can expose the agent/user to arbitrary remote content (tracking, remote-hosted media, or potentially executable payloads if the agent renders/executes them).
Install Mechanism
ok
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing will be written to disk by an install step.
Credentials
note
Requested env vars are proportionate to the described functionality. However, PICOADS_API_KEY is a powerful credential (used for mutations that can post bids/asks and submit settlement-related operations) and PICOADS_AGENT_ID maps to a wallet address on-chain. Treat both as sensitive and avoid sharing them widely.
Persistence & Privilege
note
The always flag is false and there is no install step; that's appropriate. The skill can be invoked autonomously (platform default). Because the API key can authorize transactions (posting bids, registering, submitting proofs), allowing autonomous invocation could permit the agent to spend funds; consider restricting autonomous use or providing a limited test wallet/API key.