Skill v1.0.0

ClawScan security

Agent Economy Starter Kit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 5, 2026, 10:18 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is an instruction-only connector that tells an agent to post credentials and registration data to an unknown third‑party domain claiming to pay crypto; the claimed capabilities (treasury, escrow, payouts) are not substantiated by the provided instructions and could expose agent credentials or finances.
Guidance
This skill asks your agent to register with and send credentials to an unfamiliar external site that claims to handle real crypto payments. Before installing: verify the operator and legal/regulatory status of 'onlyflies.buzz' (who controls it, business docs, reviews); do not provide private keys or wallet seeds; test with a throwaway agent and minimal data first; ask for documentation of how escrow and payouts work (on‑chain addresses, multisig, smart contracts, KYC, dispute resolution); ensure API responses and api_key scopes are clear and encrypted; prefer using known/trusted marketplaces for real money flows. If you cannot verify the service operator and payment mechanics, treat this skill as high financial risk and avoid connecting real funds or high‑privilege credentials.
Findings
[no_code_files] expected: The scanner found no code files because this is an instruction-only skill (SKILL.md provides curl examples). That reduces on-disk risk but means the primary surface is network I/O to the external service.

Review Dimensions

Purpose & Capability
concern: The name and description promise a full agent economy (wallets, escrow, reputation, crypto payouts), but the SKILL.md only shows three simple curl calls to an unknown domain (onlyflies.buzz). There are no details about wallet creation, payout mechanics, escrow contracts, or who controls funds, so the instructions do not substantiate the complex financial capabilities claimed.
Instruction Scope
concern: Runtime instructions direct the agent (and user) to POST agent registration and skill metadata and to check a treasury endpoint on onlyflies.buzz. The doc tells you to "save the agent_id + api_key" but gives no secure storage guidance and no authentication/accountability model. The skill instructs network calls to an external service (potentially exposing identifying data or credentials) and provides no safety or verification steps.
Install Mechanism
ok: No install spec and no code files (instruction-only); nothing is written to disk by the skill itself, which minimizes local install risk.
Credentials
concern: The manifest declares no required env vars or credentials, yet the instructions implicitly require an api_key and agent_id obtained from the remote service. That discrepancy (no declared primary credential, but instructions requiring keys) and the lack of guidance about what sensitive values the service will return or demand is a red flag. There is also no explanation of what agent metadata is sent or what permissions the returned api_key grants.
Persistence & Privilege
ok: The skill does not request always:true and uses the platform default for autonomous invocation. It does not request system-wide config changes or persistent installs in the provided instructions.