Skill v1.1.0

ClawScan security

Prompt Gen Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 25, 2026, 4:42 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill does what it says (generates AI art prompts) but includes a hardcoded billing API key, copies that key into SKILL.md, and has buggy/misleading payment logic—these inconsistencies and secret exposure are concerning.
Guidance
This skill will generate prompts as advertised, but it contains a hardcoded SkillPay API key (visible in both SKILL.md and handler.py) and code that will contact an external billing endpoint (skillpay.me) to charge users. The payment code is also buggy (undefined SKILL_ID, indentation mistakes, and an exception handler that may mark failures as successful), which could produce unexpected behavior. Before installing, consider: 1) Do you trust the skill author and the SkillPay account tied to that API key? 2) Prefer a version that does not embed secrets in code—API keys should be provided via platform-managed secrets or environment variables and declared in requires.env. 3) Ask the author to fix the obvious bugs (undefined SKILL_ID, indentation, and exception handling) and to remove the plaintext key from SKILL.md. 4) If you don't need the billing feature, request a version without the SkillPay integration. If you proceed, monitor outgoing network requests and billing activity closely and avoid using any real payment identifiers until the code and secret handling are corrected.
Findings
[hardcoded-secret] unexpected: Both SKILL.md and handler.py contain the same hardcoded SkillPay API key (sk_93c5ff38...91430e). Embedding a billing API key in the code/doc is not expected or appropriate for a simple prompt-generation skill and risks credential leakage and unauthorized charges.

Review Dimensions

Purpose & Capability
note: The code implements prompt generation for Midjourney/DALL·E/SDXL as described. However, the skill also implements billing via SkillPay (charging users) and embeds a SkillPay API key and price in both SKILL.md and handler.py; billing is not inherently incompatible with the stated purpose, but embedding credentials in the package is disproportionate and unusual.
Instruction Scope
concern: SKILL.md and handler.py both instruct/attempt to contact an external billing endpoint (skillpay.me) and include the same API key inline. The README exposes a secret key in plaintext. The handler's payment flow is buggy (undefined SKILL_ID, indentation error, exception handler returns success True on failure), which could cause unexpected behavior. The skill sends user_id and billing data to an external endpoint — reasonable for paid skills, but it's a data-exfiltration/billing risk if you don't trust the endpoint or key.
Install Mechanism
ok: No install spec and no external downloads — the only executable content is handler.py included with the skill. That reduces install risk, but the included script will run and perform network calls when invoked.
Credentials
concern: The package contains a hardcoded SkillPay API key in both SKILL.md and handler.py instead of declaring it as a required credential or using a platform-provided secret. No env vars are declared, yet a sensitive credential is embedded in the code and public docs — disproportionate and a secret-management red flag.
Persistence & Privilege
ok: The skill does not request 'always: true' or other elevated persistence, and it doesn't attempt to modify other skills or system configuration in the provided files.