Skill v1.6.0

ClawScan security

SP3ND — Buy from Amazon & eBay with USDC · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 1, 2026, 2:34 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and instructions broadly match its shopping/payment purpose, but there are several coherence and safety concerns (autonomous spending with a locally stored private key, an odd credential requirement vs. self-registration flow, and unverified external endpoints) that you should understand before installing.
Guidance
This skill enables an agent to create and hold a Solana wallet private key and to spend USDC autonomously. Before installing: (1) verify the SP3ND service and the domains listed (sp3nd.shop, the Cloud Functions URL, and facilitator.payai.network) — they are not widely recognized; (2) do not fund the generated wallet with any amount you are not willing to lose (autonomous spending is explicit); (3) confirm why SP3ND_API_KEY/SP3ND_API_SECRET are declared 'required' even though the agent can self-register — ask the provider to clarify expected setup flow; (4) prefer running this skill in a sandbox or with minimal test funds first; (5) avoid using any production funds or linking sensitive personal accounts; (6) consider requiring human approval for purchases or implementing a remote multisig/hot-wallet pattern instead of a single local private key. If the provider cannot satisfactorily explain the credential flow and the facilitator/trustworthiness of the endpoints, treat the integration as high-risk and avoid funding the wallet.
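Guidance item (6) asks for per-transaction human approval instead of letting the agent sign freely from one local private key. The following is an added example, not code from the SP3ND skill or from ClawHub, of what such a gate can look like: spending caps, a recipient allowlist and an approval callback sit between the agent and the key that signs USDC payments, and a payment is only recorded (and only then signed by the caller) once every check has passed. SpendPolicy, SpendingGuard, the approver callback and the payments in demo() are hypothetical and constructed for this example.

```python
"""
Spending guard in front of an agent-held hot wallet.

Added example, not code from the SP3ND skill or ClawHub. SpendPolicy,
SpendingGuard and the approver callback are hypothetical names; the
payments in demo() are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable

# USDC uses 6 decimal places; limits are compared as integer micro-USDC so that
# float rounding can never let a payment slip just under a cap.
USDC_DECIMALS = 6


def usdc(amount: float) -> int:
    """Convert a human-readable USDC amount to micro-USDC."""
    return round(amount * 10 ** USDC_DECIMALS)


@dataclass(frozen=True)
class SpendPolicy:
    max_per_tx: int                      # hard cap per payment (micro-USDC)
    daily_cap: int                       # rolling 24h cap (micro-USDC)
    approval_threshold: int              # above this a human must approve
    allowed_recipients: frozenset[str]   # destinations the operator vetted


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class SpendingGuard:
    """Every payment the agent wants to sign must pass authorize() first."""

    def __init__(self, policy: SpendPolicy,
                 approver: Callable[[str, int], bool],
                 now: Callable[[], datetime] | None = None) -> None:
        self.policy = policy
        self.approver = approver   # returns True only if a human approved this payment
        self.now = now or (lambda: datetime.now(timezone.utc))
        self._ledger: list[tuple[datetime, int]] = []   # (timestamp, micro-USDC)

    def spent_last_24h(self) -> int:
        cutoff = self.now() - timedelta(hours=24)
        return sum(amt for ts, amt in self._ledger if ts >= cutoff)

    def authorize(self, recipient: str, amount: int) -> Decision:
        p = self.policy
        if amount <= 0:
            return Decision(False, "amount must be positive")
        if recipient not in p.allowed_recipients:
            return Decision(False, f"recipient {recipient} not on allowlist")
        if amount > p.max_per_tx:
            return Decision(False, "exceeds per-transaction cap")
        if self.spent_last_24h() + amount > p.daily_cap:
            return Decision(False, "would exceed rolling 24h cap")
        if amount > p.approval_threshold and not self.approver(recipient, amount):
            return Decision(False, "human approval required and not granted")
        # Record only after every check passed; the caller signs after this returns.
        self._ledger.append((self.now(), amount))
        return Decision(True, "ok")


def demo() -> list[tuple[str, bool, str]]:
    """Run constructed payments through the guard with a fixed clock and a
    scripted approver standing in for the human; returns (label, allowed, reason)."""
    clock = [datetime(2026, 4, 1, 2, 34, tzinfo=timezone.utc)]
    human_approved = {"merchant-escrow-1"}   # the human said yes only for this recipient
    guard = SpendingGuard(
        SpendPolicy(max_per_tx=usdc(50), daily_cap=usdc(120),
                    approval_threshold=usdc(20),
                    allowed_recipients=frozenset({"merchant-escrow-1", "merchant-escrow-2"})),
        approver=lambda recipient, amount: recipient in human_approved,
        now=lambda: clock[0],
    )
    attempts = [
        ("small buy, below approval threshold", "merchant-escrow-1", usdc(15)),
        ("large buy, human approved", "merchant-escrow-1", usdc(45)),
        ("large buy, approval refused", "merchant-escrow-2", usdc(45)),
        ("unknown recipient", "attacker-wallet", usdc(1)),
        ("over per-tx cap", "merchant-escrow-1", usdc(60)),
        ("second approved buy", "merchant-escrow-1", usdc(50)),
        ("would exceed daily cap", "merchant-escrow-1", usdc(15)),
    ]
    results = []
    for label, recipient, amount in attempts:
        d = guard.authorize(recipient, amount)
        results.append((label, d.allowed, d.reason))
    clock[0] += timedelta(hours=25)   # the rolling window has moved on
    d = guard.authorize("merchant-escrow-1", usdc(15))
    results.append(("next day, window reset", d.allowed, d.reason))
    return results


if __name__ == "__main__":
    for label, ok, reason in demo():
        print(f"{'ALLOW' if ok else 'DENY ':5} {label}: {reason}")
```

The approver is deliberately a callback rather than a flag so that the same guard works with a chat prompt, a ticketing hook or a co-signer; a multisig or remote hot-wallet pattern, as the guidance suggests, moves the final signature out of the agent's process entirely, and this guard would then run on the signer side.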

Review Dimensions

Purpose & Capability
concern: The skill's declared purpose (autonomous shopping using USDC on Solana) aligns with the env vars and runtime interactions (SP3ND API, Solana RPC, payment facilitator). However there is an inconsistency: SKILL.md documents an unauthenticated POST /registerAgent that returns API key/secret, yet the skill metadata marks SP3ND_API_KEY and SP3ND_API_SECRET as required env vars up-front. Requiring pre-provisioned credentials while also offering self-registration is incoherent and should be clarified.
Instruction Scope
note: Instructions focus on wallet generation, registering the agent, creating carts/orders, and signing USDC payments, all within the claimed purpose. The skill explicitly instructs creating and storing a private Solana key file (.wallet.json) which the agent will read to sign payments. This is expected for autonomous payments but is materially sensitive: the agent (and the skill) will have the ability to spend funds in that wallet.
Install Mechanism
ok: Instruction-only skill with no install spec or code files, which is the lowest install risk. No downloads or package installs are requested by the manifest.
Credentials
concern: Required environment variables are limited to SP3ND_API_KEY and SP3ND_API_SECRET, which is proportionate to using the SP3ND API. However: (1) storing a Solana private key in a local state file (.wallet.json) is a highly sensitive requirement, since the skill expects the agent to sign transactions autonomously and to keep the secret locally; (2) the earlier-mentioned inconsistency between required env vars and the self-registration flow is unexplained; and (3) the skill also references third-party endpoints (facilitator.payai.network) that would receive payment-related data, so confirm the trustworthiness of those services before supplying secrets or funding the wallet.
Persistence & Privilege
note: The skill is not force-installed (always: false) and is user-invocable. Autonomous model invocation is allowed (the platform default) and this skill intentionally enables autonomous spending; the manifest even documents 'autonomous_spending: true'. That is appropriate for the stated purpose but increases risk: once the wallet is funded the agent can spend funds without per-transaction human approval. No other elevated privileges or modifications to other skills are requested.
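The Purpose & Capability, Credentials and Persistence & Privilege dimensions above each describe a check an operator can repeat locally before installing any skill. The following is an added example, not ClawHub's scanner and not the SP3ND skill's own code, that encodes those checks as a small linter over a skill manifest and its SKILL.md: credentials marked required next to a documented self-registration endpoint, endpoints outside the operator's allowlist, a private key persisted to local state, autonomous spending, and the install and always flags. The manifest schema, the SKILL.md excerpt and the placeholder Cloud Functions host (placeholder-cloud-function.example) are constructed for this example, since the page names the domains but not the file contents; Finding and check_skill are hypothetical names.

```python
"""
Pre-install coherence check for an agent skill.

Added example, not ClawHub's scanner and not the SP3ND skill's own code.
The manifest schema, the SKILL.md excerpt and the placeholder Cloud
Functions host are constructed; Finding and check_skill are hypothetical.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    severity: str    # "ok" | "note" | "concern", mirroring the review labels
    dimension: str
    message: str


URL_RE = re.compile(r"https?://[^\s)\"'<>]+")
REGISTER_RE = re.compile(r"\bPOST\s+(/\S*register\S*)", re.IGNORECASE)
KEYFILE_RE = re.compile(r"\.wallet\.json|private\s+key", re.IGNORECASE)


def check_skill(manifest: dict, skill_md: str, allowed_hosts: set[str]) -> list[Finding]:
    findings: list[Finding] = []

    # Credentials: secrets required up front, yet the instructions also tell the
    # agent how to obtain them itself. One of the two is wrong; ask the provider.
    required = sorted(manifest.get("env", {}).get("required", []))
    register = REGISTER_RE.search(skill_md)
    if required and register:
        findings.append(Finding("concern", "Credentials",
                                f"{required} marked required, but SKILL.md documents "
                                f"self-registration via POST {register.group(1)}"))

    # Endpoints: every host the instructions contact should be one the operator vetted.
    hosts = {urlparse(u.rstrip(".,;")).hostname for u in URL_RE.findall(skill_md)}
    for host in sorted(h for h in hosts if h and h not in allowed_hosts):
        findings.append(Finding("concern", "Credentials",
                                f"unverified external endpoint: {host}"))

    # Key material: a signing key written to local state that the agent reads back.
    if KEYFILE_RE.search(skill_md):
        findings.append(Finding("note", "Instruction Scope",
                                "private key persisted in local state (.wallet.json); "
                                "the agent can spend everything in that wallet"))

    # Privilege: autonomous spending means no per-transaction human approval.
    if manifest.get("autonomous_spending"):
        findings.append(Finding("concern", "Persistence & Privilege",
                                "autonomous_spending: true; fund only with money you can lose"))
    if manifest.get("always"):
        findings.append(Finding("concern", "Persistence & Privilege",
                                "force-installed (always: true)"))
    else:
        findings.append(Finding("note", "Persistence & Privilege",
                                "not force-installed (always: false), user-invocable"))

    # Install mechanism: no install spec or code files means nothing is downloaded.
    if not manifest.get("install") and not manifest.get("files"):
        findings.append(Finding("ok", "Install Mechanism",
                                "instruction-only skill, no install spec"))
    return findings


# Constructed inputs modelled on what the review above reports, not the real files.
MANIFEST = {
    "name": "sp3nd", "version": "1.6.0", "always": False,
    "autonomous_spending": True,
    "env": {"required": ["SP3ND_API_KEY", "SP3ND_API_SECRET"]},
}
SKILL_MD = """\
1. Generate a Solana keypair and save it to .wallet.json; the private key is read to sign payments.
2. With no credentials, call POST /registerAgent (unauthenticated) to obtain an API key and secret.
3. Endpoints: https://sp3nd.shop, https://placeholder-cloud-function.example/api,
   https://facilitator.payai.network (payment facilitator).
"""


def demo(allowed_hosts=frozenset()) -> list[Finding]:
    """Run the linter on the constructed inputs; pass the hosts you have vetted."""
    return check_skill(MANIFEST, SKILL_MD, set(allowed_hosts))


if __name__ == "__main__":
    for f in demo():
        print(f"{f.severity:8} {f.dimension:24} {f.message}")
```

Run with an empty allowlist it reproduces the verdict's shape (five concerns, two notes, one ok); once the operator has verified the three hosts and passes them in, only the credential-flow, key-persistence and spending findings remain, which is the residual risk the guidance says to accept only with test funds.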