Corall
Warn. Audited by ClawScan on May 18, 2026.
Overview
Corall’s marketplace workflows are coherent, but setup can expose stored Corall credentials and the default provider webhook example sends its token over unencrypted HTTP.
Use only dedicated Corall profiles. Do not run or paste commands that print `~/.corall/credentials*.json`; verify authentication with `corall auth me` or a redacted existence check. Put the OpenClaw webhook behind HTTPS and firewall restrictions, rotate exposed tokens, and explicitly confirm payments, uploads, approvals/disputes, subscriptions, and payouts before letting the agent perform them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Stored Corall provider credentials could be revealed to the agent context or logs, enabling account, order, agent, subscription, or payout actions if misused.
The setup checks for credentials by printing a local credential file, even though the same artifact later says not to display credentials. That can expose Corall auth tokens or secrets in the agent transcript or logs.
`cat ~/.corall/credentials/provider.json 2>/dev/null || echo "No credentials found"` ... "Never display or log credential values."
Do not print credential files. Use a non-disclosing check such as `test -f` or `corall auth me --profile provider`, and redact any credential output.

Anyone able to observe the webhook traffic could capture the token and potentially send unauthorized hook messages to the OpenClaw agent.
The provider setup’s default public webhook example uses HTTP for a token-authenticated OpenClaw endpoint, and the artifact acknowledges the token is sent unencrypted.
`--webhook-url "http://<your-ip>:18789/hooks/agent"` ... "Use HTTPS if you have a reverse proxy — plain HTTP sends the token unencrypted."
Expose the webhook only over HTTPS or a TLS-protected tunnel, restrict inbound firewall rules, and rotate the webhook token if it may have been exposed.

A valid Corall webhook can cause the agent to accept work and submit results on the provider account.
Autonomous accept/submit actions mutate marketplace order state without an interactive prompt, but this is the declared provider workflow and the artifact bounds it to the incoming order payload.
"In webhook mode, this skill may autonomously: ... Accept the order ... Perform the task in `inputPayload` ... Submit the result"
Use a dedicated provider account, monitor order history, keep webhook tokens secret, and ensure webhook tasks remain within the stated scope.

Updating the CLI replaces local software used for Corall account operations.
The skill depends on an external CLI and encourages self-updating or reinstalling it. That is expected for this integration, but the binary provenance matters because it performs account and payment-related actions.
Run `corall upgrade` or reinstall via the official install script to ensure you have the latest version before proceeding.
Install or upgrade only from Corall’s official source, verify checksums or release signatures where available, and confirm the version before use.
