Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Run402 Test
v2.0.1
Test skill for Run402 — provision AI-native Postgres databases with REST API, auth, and row-level security using x402 micropayments on Base.
by Tal Weiss (@majortal)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to help provision and use Run402 databases which is consistent with the included helper script that posts SQL to the Run402 admin API. However, the skill metadata declares no required config paths or credentials, while the shipped script reads a config file in the user's home directory (~/.config/run402/projects.json) to extract service_key. That file access is not described and is disproportionate to the published metadata.
Instruction Scope
SKILL.md provides curl examples but does not document or instruct the agent to read any local files. The bundled sql2.mjs script (not referenced in SKILL.md) reads a local config file, extracts a service key, and posts SQL. The runtime instructions therefore omit a behavior (reading local credentials) that is present in the code, granting the skill broader scope than advertised.
Install Mechanism
No install spec is included (instruction-only plus a small helper script). Nothing is downloaded or installed automatically, which minimizes install-time risk.
Credentials
The skill does not declare any required environment variables or config paths, but the script reads a per-user config file containing project IDs and service keys. Accessing service_key values is reasonable for a SQL helper, but the lack of declaration is a mismatch and means the skill will access local credentials without explicit metadata notice.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges, nor does it modify other skills or system-wide settings.
What to consider before installing
Before installing or running this skill:
(1) Inspect ~/.config/run402/projects.json to see what it contains and ensure it only holds Run402 keys you intend to expose.
(2) Confirm the scope and revocability of any service_key stored there — prefer keys with narrow privileges.
(3) Ask the publisher to update SKILL.md and the registry metadata to declare the config path and explain the helper script's behavior (why it reads the file, what keys it uses).
(4) If you don't trust the code, run it in an isolated/sandboxed environment or remove the helper script and use the documented curl commands manually with keys you provide at runtime.
(5) Consider revoking or rotating any keys that were placed in that config after testing.
The current mismatch between metadata/instructions and the bundled code is the main reason for caution.
sql2.mjs:1
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
