Skill v1.0.4
ClawScan security
Agenthub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 9:50 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are internally consistent with its stated purpose (a pay-per-call API gateway that signs micropayments with a Base wallet), but it requires trusting a third-party npm SDK with a wallet private key — which is high-risk and should be audited or isolated before use.
- Guidance: This skill is internally coherent for a pay-per-call gateway, but it requires you to trust a third-party npm package with a wallet private key. Before installing or using it:
  1. Audit the rwagenthub-sdk source on npm/GitHub (verify what network calls and signing it performs, and check for postinstall scripts).
  2. Use a dedicated wallet funded with minimal USDC only (the skill itself recommends $1); never use a primary wallet or one holding large balances.
  3. Prefer running the SDK in a sandbox or isolated environment and monitor outbound network traffic.
  4. Pin the SDK version and inspect package contents after install (node_modules/rwagenthub-sdk).
  5. If you cannot review the SDK, consider asking the provider for a non-key-based alternative (e.g., an API key with limited scope or server-side payment handling).

  These steps reduce risk but do not eliminate it.
Review Dimensions
- Purpose & Capability (ok): Name/description (AgentHub: gateway for 32 APIs charged via USDC on Base) aligns with declared requirements: node/npm, an AGENTHUB_WALLET_KEY, and an npm SDK (rwagenthub-sdk). Requiring a wallet key to sign micropayments is coherent with the pay-per-call design.
- Instruction Scope (note): SKILL.md instructs the agent to install the rwagenthub-sdk into the skill workspace and to run ephemeral Node scripts that read process.env.AGENTHUB_WALLET_KEY and call hub.call(...). The instructions do not ask for unrelated files or credentials, but they do instruct runtime installation and execution of third-party code that will handle a private key — this gives the SDK broad runtime discretion and cannot be verified from the SKILL.md alone.
- Install Mechanism (note): Installation is via npm (rwagenthub-sdk@1.0.2) into the skill's workspace. npm installs are expected for Node-based skills and are traceable, but npm packages can execute postinstall scripts and include arbitrary code; the package source should be reviewed. No high-risk direct downloads/archives are used.
- Credentials (concern): The single required env var is AGENTHUB_WALLET_KEY (primary credential). Requiring a wallet private key is plausible for signing micropayments, but it's highly sensitive: misuse or malicious SDK behavior could allow theft of funds. The SKILL.md advises using a dedicated low-funds wallet, which mitigates risk but does not eliminate the need to trust the SDK and gateway.
- Persistence & Privilege (ok): always is false and the skill installs into its own workspace. The skill does not request persistent platform-wide privileges or to modify other skills' configs. Autonomous invocation is allowed by default (not a flag by itself).
