Skill v1.1.0
ClawScan security
Bitget Poolx Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 6, 2026, 7:22 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's stated purpose (lightweight scraping via r.jina.ai) mostly matches its files, but there are important incoherences and a hard-coded billing API key that make the package suspicious and worth closer review before use.
- Guidance: This skill is suspicious rather than clearly malicious. Before installing or running it:
  1) Do not run the Python files on a production machine — run in an isolated environment if you want to inspect behavior.
  2) Ask the author to explain why Playwright is included despite the README claiming it's unnecessary, and to either remove that code or add a proper install spec for Playwright and browsers.
  3) Treat the hard-coded BILLING_API_KEY as sensitive: ask the author why a secret key is embedded, verify whether it's a test/demo key, and request that billing credentials be supplied via environment variables or handled by the platform rather than hard-coded.
  4) Be aware the skill will make outbound HTTP requests to r.jina.ai, www.bitget.com and skillpay.me (including potential payment/charge operations).
  5) Consider refusing installation or auditing network traffic until the above inconsistencies are resolved; if the embedded API key is real, consider requesting that it be revoked/rotated.
Review Dimensions
- Purpose & Capability (concern): SKILL.md and main examples use r.jina.ai to fetch Bitget PoolX (consistent). However, the repo also contains bitget-final.py, which uses Playwright and stealth tricks to fetch the same site; this contradicts the README claim 'no Playwright needed' and introduces a heavy dependency not declared in metadata.
- Instruction Scope (concern): SKILL.md only instructs lightweight HTTP fetches to r.jina.ai/bitget.com and shows a simple requests example. The included Python files, however, perform additional network operations (calls to skillpay.me) and a headful/headless browser flow that may load different content. The instructions do not document these extra behaviors or when the Playwright path is used.
- Install Mechanism (note): There is no install spec (instruction-only), which is low-risk in isolation, but the presence of Playwright-based code implies a large dependency that is not declared. If someone runs the Playwright script, they will need to install Playwright and browsers — this mismatch is a packaging/information gap.
- Credentials (concern): No required env vars are declared, yet billing.py contains a hard-coded BILLING_API_KEY and SKILL_ID. Hard-coded secret-like values in distributed code are a red flag: they may allow the author (or anyone with the key) to charge or query balances, and the skill performs network calls to an external billing endpoint (skillpay.me) without disclosing required credentials.
- Persistence & Privilege (ok): The skill does not request always:true, declares no special OS restrictions, and does not declare config paths. It does not attempt to modify other skills or agent-wide settings in the provided files.
