Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Conto Hermes
v1.8.0
Enforce fine-grained spending policies before executing any payment, transfer, swap, or bridge. Checks Conto policy engine for approval before money leaves y...
⭐ 0· 89·0 current·0 all-time
by Conto (@kwattana)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
The SKILL.md, README, and conto-check.sh consistently implement a Conto policy gate for payments and require a Conto SDK key and network access to conto.finance — this is coherent with the skill's purpose. However, the top-level registry metadata included with the skill (the summary at the top of the report) lists no required env vars or binaries, while clawhub.json and SKILL.md declare CONTO_SDK_KEY and binaries (curl, jq, python3). That mismatch in metadata is inconsistent and could mislead installers.
Instruction Scope
The runtime instructions focus on policy checks, setup, and using conto-check.sh for approve/confirm/x402/policy management. The script only interacts with the Conto API and the agent's Hermes config; it does not attempt to read unrelated system files. It does run a temporary local HTTP server during setup to receive an SDK key callback and writes the SDK key into ~/.hermes/.env (see persistence notes).
Install Mechanism
This is an instruction-only skill with a helper shell script (no download/install of arbitrary code). No high-risk remote installs are present. The SKILL.md does reference installing from a well-known URL, but no packaged install script or remote archive extract is included in the repository itself.
Credentials
The skill legitimately needs a single service credential (CONTO_SDK_KEY) to call Conto APIs. Concern arises because: (1) the top-level metadata omitted this requirement while the bundled clawhub.json and SKILL.md require it, (2) the script suggests generating Admin vs Standard SDK keys but will save whatever key is returned into ~/.hermes/.env (no safeguard to enforce least privilege). If an Admin-scoped key is used, the agent could create/update/delete policies and manage agents/wallets. Also, the SDK key is stored in plaintext in the user's ~/.hermes/.env file — expected for CLI helpers but sensitive.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills. It will persist the SDK key and API URL by writing/overwriting CONTO_SDK_KEY and CONTO_API_URL in ~/.hermes/.env during setup, which is normal for a CLI helper but means the secret is stored on disk for future autonomous agent use. The setup also starts a short-lived local HTTP server to receive a callback; that is ephemeral but noteworthy.
What to consider before installing
Before installing or running this skill:
- Verify the installation source and that https://conto.finance is the official Conto site (inspect TLS certs if unsure).
- Expect to provide a CONTO_SDK_KEY; prefer issuing a least-privilege (Standard) SDK key for runtime policy checks. Do NOT use an Admin key for normal operation unless you explicitly need the skill to create/manage policies or agents.
- Review the conto-check.sh script yourself (it’s included). The script will open a browser for setup, start a temporary local HTTP server to receive an SDK key, and then write CONTO_SDK_KEY and CONTO_API_URL in plaintext to ~/.hermes/.env — treat that file as sensitive.
- Because the package metadata in this bundle is inconsistent, confirm required binaries (curl, jq, python3) are available before running, and confirm the key scope you receive during dashboard provisioning.
- If you allow the agent to invoke the skill autonomously, be aware that the stored SDK key enables the agent to call Conto APIs; combine that with least-privilege keys and appropriate Conto policies (require human approvals for high-value transactions) to reduce risk.
- If you need higher assurance, obtain the SDK key with the desired scope from the Conto dashboard manually and add it to ~/.hermes/.env yourself rather than using the automated setup callback.
Like a lobster shell, security has layers — review code before you run it.
latest: vk971tmx2z9jr9rx1cdtsf5mnth84as54
