ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ZL-ClawPay

v1.0.3

Use when users need to query sub-wallet binding status, bind sub-wallet, generate QR code, check payment status, query balance or transaction history. Trigge...

0· 54·0 current·0 all-time
byzlpay@kevindagege
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (wallet, QR, payment status, balance) align with the included code (wallet_service, payment_service, GM/HMAC security strategies). Requiring an API key and SM2/SM4 keys is reasonable for this integration. However metadata shown at the top of the registry data said 'Required env vars: none' while SKILL.md and _meta.json both list required env vars (ZLPAY_APP_ID, ZLPAY_API_KEY, ZLPAY_GM_CLIENT_PRIVATE_KEY, ZLPAY_GM_SERVER_PUBLIC_KEY). That mismatch between summary metadata and the embedded files is incoherent and should be resolved.
!
Instruction Scope
SKILL.md instructs the agent to run the bundled CLI (python scripts/skill.py call ...) and to consult local documents (references/api-spec.md and assets/request-examples.md) before making calls — which is consistent with the packaged code. But the skill also ships a config/.env file (present in the manifest) and uses a Config/StateStore/Memory system that reads configuration and may write state to disk. SKILL.md's 'Never expose credentials' claim conflicts with the presence of a packaged .env file and code that will read API/private keys; the instructions do not explicitly tell users to inspect or remove the bundled .env. The agent will execute local code which can read local files and environment variables, so users should verify what config/.env contains and what the Skill's Config reads.
Install Mechanism
There is no external download URL; the package includes a setup.sh that creates a virtualenv and installs pinned Python packages via pip from PyPI. That is a common install pattern and there are no obvious remote installers or URL-based extracts. However the registry listing earlier claimed 'No install spec — instruction-only', while SKILL.md lists has_install_scripts: true and setup.sh is present; that inconsistency is confusing for a reviewer and for safe deployment.
!
Credentials
Requiring ZLPAY_APP_ID, ZLPAY_API_KEY and SM2/SM4 client/server keys is proportionate to a payment/wallet integration. But the package includes a config/.env file inside the skill bundle (file size ~1964 bytes) which may contain example or real credentials; shipping env files with secrets is risky. Also top-level registry metadata omitted required envs while other files declare them — inconsistent declarations increase risk. The code also logs and maintains a state file and has logic to persist logs/state; ensure these storage locations and retention policies are acceptable. Finally, the logging filter masks common patterns but may not catch all sensitive values (custom keys/formats may leak).
Persistence & Privilege
The skill does not request 'always: true' and does not claim to modify other skills. It will create a virtualenv, write logs and state files (LogManager, StateStore) and may write or read a local .env; these are expected for a CLI-driven skill but are non-trivial persistence actions. Autonomous invocation is allowed (normal), so combined with the above it's important to limit deployment scope and review runtime behavior.
What to consider before installing
This package contains a full Python implementation of a payment/wallet integration which generally matches its description, but there are several red flags you should address before installing: - Inspect config/.env immediately: the skill bundle includes a .env file. Open and verify it contains only harmless examples (no real API keys or private keys). If it contains secrets delete or overwrite it and ensure you supply secrets yourself via a secure mechanism. - Resolve metadata mismatch: the registry view reported no required env vars while SKILL.md and _meta.json require ZLPAY_APP_ID, ZLPAY_API_KEY and SM2/SM4 keys. Treat these env vars as required and never paste production private keys into the skill bundle. - Audit network endpoints and Config values: find where the skill sends HTTP requests (Config or endpoint values in the code or api-spec.md). Confirm requests go to trusted backends you control, and not to unknown/personal servers. PublicKeyManager fetches keys from a /skill/public-keys endpoint — verify the base URL. - Check state/log file locations and retention: the code writes logs and a state file; confirm the storage path is acceptable and that sensitive data isn't persisted in cleartext. - Run in a sandbox first: install into an isolated environment (container, VM) and test with dummy credentials before allowing access to real funds or production credentials. - If you are not comfortable auditing Python code, ask a developer/security person to review the Config class, the parts that read .env, and any code that transmits keys or session tokens. Given the inconsistencies and the included .env, treat this skill as suspicious until you verify the above items.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d3q1kdpn23hhs2f0cv6wb0d840p1b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments