Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

run402

v3.0.1

Provision Postgres databases, deploy static sites, generate images, and build full-stack webapps on Run402 using x402 micropayments. Use when the user asks t...

by Tal Weiss (@majortal)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The description (provision Postgres, deploy sites, use micropayments) aligns with the instructions, but the metadata claims no required binaries or env vars while the runtime instructions explicitly require npm (global install of run402), a local wallet file (~/.run402/wallet.json), and writes projects to ~/.config/run402/projects.json. The skill should have declared that it expects npm/Node and will create/modify those files — omission is an incoherence.
Instruction Scope
SKILL.md tells the agent to install a global npm package, create and persist a wallet file, request faucet funds, accept/record service keys and other secrets in a deployment manifest, and instruct humans to send crypto or use a billing URL. These instructions read/write user home/config files and explicitly ask for sensitive credentials and payments, which is outside the scope of a passive 'instruction-only' skill unless those side effects are declared and expected.
Install Mechanism
There is no install spec in the registry metadata, but SKILL.md instructs running `npm install -g run402`. That means installation will pull code from npm at runtime (not tracked by the registry). This is a moderate risk because the skill delegates installation to an external package manager without declaring that requirement.
Credentials
The skill metadata lists no required environment variables or credentials, yet the instructions reference storing and using sensitive keys: `service_key` (full admin), `anon_key`, `access_token`, and example `secrets` including `OPENAI_API_KEY`. The manifest pattern asks for plaintext secret values to be included. Requesting or storing admin-level keys without declaring them is disproportionate and risky.
Persistence & Privilege
The skill is not marked always:true and doesn't autonomously install itself, which is good. However, the runtime instructions explicitly persist a wallet file and project records in user home/config directories and instruct the agent to solicit funds from users. The skill therefore takes persistent local state and may prompt for payments — that elevated persistence/behavior should be communicated in metadata.
What to consider before installing
Before installing or using this skill:

(1) Understand that it instructs you to run `npm install -g run402`. Inspect the npm package source (or use a sandboxed environment) before a global install.

(2) It will create and store a wallet at ~/.run402/wallet.json and project info at ~/.config/run402/projects.json. Consider the privacy and security implications of storing keys on disk.

(3) The manifest can include sensitive values (service_key, OPENAI_API_KEY). Never upload or store admin/service keys unless you trust the service and understand the privilege involved (service_key bypasses RLS); prefer anon_key or scoped tokens.

(4) The SKILL.md asks the agent to request or solicit on-chain payments from humans. Be careful about social-engineering prompts and financial requests.

(5) Ask the skill author/maintainer for the missing metadata (required binaries, exact npm package name and registry URL, where secrets are stored, and why env vars/credentials are not declared).

If you proceed, use a disposable/test account, avoid putting production admin keys into manifests, and run the CLI in a contained environment.
