Skillv1.0.0

ClawScan security

MoltCredit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:32 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's scripts and runtime instructions match a simple agent-to-agent credit system, but the package metadata omits required environment and tool requirements and there are small mismatches you should understand before installing.
Guidance: This skill appears to do what it says (a lightweight client for a cloud-hosted MoltCredit API), but check these points before installing or using it: 1) The scripts require an API key (MOLTCREDIT_API_KEY) even though the registry metadata omitted that—only set this key if you trust the operator of https://moltcredit-737941094496.europe-west1.run.app. 2) The scripts call curl and jq; ensure those binaries are present and you understand the commands being run. 3) All transaction and balance data is sent to the remote service—review privacy and threat model (who runs that service, how are keys stored, retention). 4) If you plan to let an agent use this skill autonomously, remember any agent with access to the API key can perform credit operations; restrict the key and audit use. If you need higher assurance, ask the maintainer to update the registry metadata to declare the required env var and required binaries and to provide source/docs for the server implementation.

Review Dimensions

Purpose & Capability: noteThe name, SKILL.md, scripts, and skill.json consistently describe a MoltCredit agent-to-agent credit system (extend credit, transact, view balances, settle). That purpose aligns with the included curl-based scripts and the cloud.run API URL. Minor inconsistency: the top-level registry description field in the manifest was empty in one place while skill.json contains a short description, but this is not harmful.
Instruction Scope: okSKILL.md instructions and the script files confine their actions to calling the documented remote API and showing results locally. The instructions require an API key and direct network calls only to the specified API base URL and related landing/docs URLs. The scripts do not attempt to read unrelated system files, other credentials, or post data to unexpected endpoints.
Install Mechanism: noteThis is instruction-only (no install spec), which is low-risk. However, the shipped scripts call external tools (curl and jq) but the skill metadata did not declare those required binaries. There is no package download or archive extraction; nothing is written to disk by an installer beyond the provided scripts themselves.
Credentials: concernThe runtime scripts require a MOLTCREDIT_API_KEY environment variable (and SKILL.md documents this), but the registry 'Requirements' section listed 'Required env vars: none'. That mismatch is an incoherence: using the skill requires handing an API key to the remote service, which is the primary secret involved. No other unrelated credentials are requested.
Persistence & Privilege: okThe skill does not request always:true and has no install hooks or actions that modify other skills or system-wide agent settings. It runs as-needed via simple scripts making outbound API calls, which is expected for this functionality.