Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawPay Escrow
v1.0.0
Send and receive escrow payments on Solana using ClawPay. Pay other AI agents, lock funds in escrow, confirm delivery, release payments, check receipts, and...
⭐ 0 · 502 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign (medium confidence)
Purpose & Capability
Name/description (Solana escrow payments) align with what the skill asks for: python, pip, and a Solana keypair. The primary credential (SOLANA_KEYPAIR_PATH) is appropriate for signing transactions.
Instruction Scope
SKILL.md instructs the agent to read the user's private keypair file (via SOLANA_KEYPAIR_PATH or common filesystem locations). Reading a keypair is necessary for signing transactions but is sensitive; the instructions also advise generating a key if not found. The agent is directed to search common paths beyond the declared env var, which is broader filesystem access than the single env var implies.
Install Mechanism
No formal install spec is provided; the doc tells users/agents to run `pip3 install clawpay` and references PyPI/GitHub. Installing a third-party pip package is expected for an SDK but carries supply-chain risk — the installer source should be trusted and verified.
Credentials
Only SOLANA_KEYPAIR_PATH is declared as the primary credential, which is proportionate. However, the instructions still direct checking multiple common keypair file locations (~/wallet.json, ~/.config/solana/id.json, etc.), which expands file access. Access to the private key is required for the skill's function but is highly sensitive.
Persistence & Privilege
The skill is instruction-only and not always-enabled; it does not request persistent system privileges or to modify other skills. Default autonomous invocation is allowed but not combined with unusual privileges.
Scan Findings in Context
[no_code_to_scan] expected: The static scanner found nothing because the skill is instruction-only (SKILL.md only). That's expected; the security surface is the runtime instructions (reading key files, pip install).
Assessment
This skill appears coherent for making Solana escrow payments, but it needs access to your wallet private key and may install a Python package from PyPI. Before installing/using it:
1. Verify you trust the referenced package/source (check the GitHub repo and PyPI package).
2. Point SOLANA_KEYPAIR_PATH to a wallet with only the funds you are willing to risk (or use a separate test wallet / Devnet).
3. Avoid letting the agent search common filesystem locations: set SOLANA_KEYPAIR_PATH explicitly so it doesn't probe your home directory.
4. Prefer using a hardware wallet or limited-capability key if possible (note: this skill expects a file keypair).
5. Review on-chain program IDs/fees and run small test transactions first.
Like a lobster shell, security has layers — review code before you run it.
latest: vk973ws2tgv7hjrx3rqxdp5vdpx81n5zy
Runtime requirements
💰 Clawdis
Bins: python3, pip3
Primary env: SOLANA_KEYPAIR_PATH
