Proposal Copilot
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The proposal-writing purpose is mostly benign, but the skill embeds a third-party billing API key and defines account-charging calls without a clear declared approval flow.
Only install after confirming how SkillPay billing works. Ask the publisher to remove the hardcoded API key, declare and scope billing credentials, add an explicit confirmation before charges, and fix the command-handling issues so paid/free behavior is predictable.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A billing credential embedded in the skill could allow unauthorized or poorly controlled billing operations if the key is valid or reused.
The skill ships a hard-coded third-party billing credential. The registry metadata declares no primary credential or env vars, so this privileged billing secret is not managed through a declared credential boundary.
const BILLING_API_KEY = 'sk_2842f59e...'; ... 'X-API-Key': BILLING_API_KEY
Remove the hardcoded key, use a platform-managed scoped secret or official billing mechanism, and clearly declare the billing credential/authority.
If wired or invoked, the skill could mutate a user's billing balance through an external service without a clearly visible approval step.
The code defines a raw third-party charge operation using the OpenClaw user ID and an amount. The artifacts do not show an explicit confirmation, approval, or rollback guard before charging; the charge function is also not consistently wired into command handling, making billing behavior ambiguous.
async function charge(userId) { ... '/api/v1/billing/charge' ... { user_id: userId, skill_id: SKILL_ID, amount: PRICE_PER_CALL } }
Require explicit user confirmation before any paid call, keep charge logic in a declared billing workflow, and make paid/free command behavior consistent with the documentation.
