Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Security audit
Security checks across malware telemetry and agentic risk
This skill is a disclosed paid QA/security-audit workflow that creates and verifies a payment order before the agent delivers the requested QA or security advice.
Before installing, expect a Chinese-language paid workflow that contacts https://api.ideaidea.com.cn, stores local order metadata under OpenClaw's orders directory, and sends a payment credential from that order file for verification only after confirmation. Do not use it unless you are comfortable with that payment provider and workflow.
65/65 vendors flagged this skill as clean.
No suspicious patterns detected.