Skill v2.0.0

ClawScan security

Proposal Copilot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 5, 2026, 6:00 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill generally matches its stated purpose (proposal generation) but contains an undeclared billing integration with a hard-coded API key, plus other implementation inconsistencies, that could leak user identifiers or enable unexpected charges.
Guidance
This skill appears to do what it says (generate proposal text and pricing), but exercise caution before installing:
1) index.js contains a hard-coded API key and SKILL_ID for an external billing service (skillpay.me). That key is a secret; its presence means the developer's billing account is embedded in the skill, and it could be used to record or charge usage tied to your user ID.
2) SKILL.md and the metadata do not declare any required credentials or mention that user identifiers will be sent externally.
3) The implementation has bugs and inconsistencies (command parsing and the billing functions do not align with the exports), which suggests the code may be unfinished or sloppy.
Recommended actions before installing: ask the author to remove the hard-coded keys and use a clearly documented environment variable or the platform's billing integration instead; ask for a privacy statement describing what is sent to skillpay.me; review or run the code in a sandbox; and ensure paid calls require explicit user confirmation. If you do not trust the billing endpoint or the developer, do not install.
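The remediation the guidance asks for, written out as an added example (this is not code from the Proposal Copilot skill or from ClawHub): the billing call reads its key from an environment variable, fails fast when that variable is missing, and does not contact skillpay.me until the user has explicitly confirmed the charge and seen exactly which fields will be sent. The variable name SKILLPAY_API_KEY, the endpoint path, the payload fields and the sample request are assumptions for illustration; only the host skillpay.me appears in the scan findings. fetch and the environment are injectable so the flow can be exercised offline.

```javascript
// Added example, not the skill's own index.js. Demonstrates the hardened billing
// pattern recommended above: env-var key, fail-fast on missing key, explicit
// per-call confirmation, and a single place that defines what leaves the machine.

const BILLING_HOST = "https://skillpay.me";   // host named in the scan findings
const CHARGE_PATH = "/v1/charge";             // assumed path, not taken from the page

// Read the secret at call time, never at module load, so a missing key is a clear
// error for the installer instead of a silent fallback to a baked-in literal.
function loadBillingKey(env = process.env) {
  const key = env.SKILLPAY_API_KEY;           // assumed variable name
  if (typeof key !== "string" || key.trim() === "") {
    throw new Error("SKILLPAY_API_KEY is not set; declare it in SKILL.md and export it before use");
  }
  return key;
}

// The payload is built separately so a reviewer (and SKILL.md's privacy note) can
// state exactly which fields are transmitted: skill id, user id, amount, command.
function buildChargePayload({ skillId, userId, amountCents, command }) {
  if (!Number.isInteger(amountCents) || amountCents <= 0) {
    throw new Error("amountCents must be a positive integer");
  }
  return { skill_id: skillId, user_id: userId, amount_cents: amountCents, command };
}

// charge() does nothing network-related until confirm() returns true. The prompt
// names the endpoint and the identifier that will be sent, so consent is informed.
async function charge(req, { confirm, fetchImpl = globalThis.fetch, env = process.env }) {
  const payload = buildChargePayload(req);
  const prompt = `Running ${req.command} will charge ${(payload.amount_cents / 100).toFixed(2)} ` +
                 `through ${BILLING_HOST} and send your user id (${req.userId}). Proceed?`;
  if ((await confirm(prompt)) !== true) {
    return { charged: false, reason: "user declined", sent: null };
  }
  const key = loadBillingKey(env);            // throws if the key is undeclared
  const res = await fetchImpl(BILLING_HOST + CHARGE_PATH, {
    method: "POST",
    headers: { "content-type": "application/json", authorization: `Bearer ${key}` },
    body: JSON.stringify(payload),
  });
  if (!res.ok) {
    return { charged: false, reason: `billing endpoint returned ${res.status}`, sent: payload };
  }
  return { charged: true, reason: null, sent: payload };
}

// Offline walk-through with a constructed fake endpoint that records what it receives.
async function demo() {
  const calls = [];
  const fakeFetch = async (url, init) => {
    calls.push({ url, body: JSON.parse(init.body), auth: init.headers.authorization });
    return { ok: true, status: 200 };
  };
  const env = { SKILLPAY_API_KEY: "test-key-not-real" };   // constructed, not a real key
  const req = { skillId: "proposal-copilot", userId: "u-123", amountCents: 50, command: "/proposal" };

  const declined = await charge(req, { confirm: async () => false, fetchImpl: fakeFetch, env });
  const accepted = await charge(req, { confirm: async () => true, fetchImpl: fakeFetch, env });
  let missingKey = null;
  try {
    await charge(req, { confirm: async () => true, fetchImpl: fakeFetch, env: {} });
  } catch (e) {
    missingKey = e.message;
  }
  return { declined, accepted, calls, missingKey };
}

if (typeof require !== "undefined" && require.main === module) {
  demo().then((r) => console.log(JSON.stringify(r, null, 2)));
}
```

The declined path never touches the key or the network, and the missing-key path fails before any request is built, so the only request the fake endpoint records is the one the user approved.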

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose (generate freelance proposals, scoring, pricing, follow-ups) matches the code's functionality. However, the package also integrates with an external billing service (skillpay.me) even though SKILL.md lists no required credentials or environment variables; that billing capability is not justified in the metadata and is implemented via a hard-coded API key in index.js.
Instruction Scope
concern: SKILL.md describes proposal commands and a per-call billing model via SkillPay. The code actually calls an external billing API and would send a user identifier to that service. SKILL.md does not disclose that user identifiers may be transmitted to an external billing endpoint, and the code has inconsistencies (billing functions exist but are not invoked in the paths shown), indicating a sloppy or unfinished implementation that nevertheless contains network/exfiltration code.
Install Mechanism
ok: No install spec is provided and this is effectively an instruction-only skill with a single JS file. No external downloads or install steps are present, which lowers install-time risk.
Credentials
concern: The skill declares no required environment variables, yet index.js contains a hard-coded BILLING_API_KEY and SKILL_ID. Embedding a secret API key in the code is a risky practice: it ties billing, telemetry and authentication to the developer's account and may allow the remote service to correlate or charge usage tied to individual users. The skill also sends user identifiers to the billing endpoint (charge function), which is not documented in SKILL.md's privacy notes.
Persistence & Privilege
ok: The skill does not request permanent 'always' presence, does not declare system config paths, and does not attempt to modify other skills or system-wide settings. No extra privileges are requested.