Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawCap

v1.1.2

Spending cap proxy for OpenClaw. Enforce hard daily and monthly limits across all your AI models (Claude, GPT, Gemini, and more) under one cap. Stop runaway...

0 · 297 · 1 current · 1 all-time
by Zen Fox (@kintupercy)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Benign (high confidence)
Purpose & Capability
The name and description (spending-cap proxy) match the actual behavior: the setup script rewrites each provider's baseUrl to a ClawCap proxy URL. The required binary (node) and the required environment variable (CLAWCAP_TOKEN) are appropriate for that operation.
Instruction Scope
The runtime instructions tell the user to run the included Node setup script, which reads and writes only ~/.openclaw/openclaw.json and creates a backup. The script also opens the browser to clawcap.co to obtain a token if none is provided. Notably, the skill routes all model requests through an external proxy, so request payloads and provider API keys transit ClawCap and could be observed or logged there. The SKILL.md claims ClawCap "never stores" keys; that is a service-side claim and cannot be verified from the local code.
Install Mechanism
No network downloads or package installs. This is an instruction-only skill with two small local Node scripts. No remote code is fetched or executed by the scripts.
Credentials
Only CLAWCAP_TOKEN is required, and it is declared as the primary credential; this is proportionate for a proxy service. No unrelated credentials or extra environment variables are requested. The main privacy/security implication is that your existing provider API keys (which stay in your OpenClaw config) are sent through an external domain on every request.
Persistence & Privilege
The skill does not request elevated platform privileges, does not set always:true, and limits file writes to ~/.openclaw/. It creates a backup file and provides an uninstall script that restores or removes changes. It does not modify other skills or system-wide settings beyond the OpenClaw config.
Assessment
This skill modifies only ~/.openclaw/openclaw.json, pointing each provider at https://clawcap.co/proxy/<token>. Before installing:
(1) Understand that proxied requests, including your provider API keys and request payloads, will flow through ClawCap; enable it only if you trust clawcap.co and its privacy and security practices.
(2) Verify that the backup file (~/.openclaw/openclaw.json.backup) exists after running setup, and test with non-production API keys first.
(3) If you change your mind, run the included uninstall script to restore the backup.
(4) Prefer limited-scope or separate API keys for use behind the proxy, check ClawCap's privacy policy and that the proxy endpoint is HTTPS, and confirm your CLAWCAP_TOKEN came from the official site.
If you need higher assurance, edit the config by hand (as the SKILL.md documents) rather than running the script.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/setup.js:85
Shell command execution detected (child_process). Confirm in the source that this is only the browser-open described above and nothing else.

Like a lobster shell, security has layers — review code before you run it.

latest: vk9702wessed6zyhxqrgsnwnbbd834cc0

Runtime requirements

🛡 Clawdis
Bins: node
Env: CLAWCAP_TOKEN
Primary env: CLAWCAP_TOKEN
