Skill v1.0.0
ClawScan security
AgentHub - 32 AI APIs via x402 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 3:20 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's functionality matches its description, but it asks you to store and use a raw wallet private key and to auto-install and execute a third‑party npm SDK at runtime — actions that increase risk and deserve careful review before use.
- Guidance: This skill will install a third‑party npm SDK into your agent's workspace and requires you to store a raw Base wallet private key in OpenClaw config so it can sign micropayments. Before installing:
  - 1) Consider creating a dedicated wallet with only the small USDC balance you plan to spend and never use your main key;
  - 2) Inspect the rwagenthub-sdk package source (npm page / GitHub) and its dependencies before allowing installs;
  - 3) Avoid pasting long‑term private keys into agent config — prefer an ephemeral key, a signing service, or hardware signer if supported;
  - 4) Run the skill in an isolated environment (sandbox or separate machine) until you trust the SDK;
  - 5) Verify the gateway URL and operator (the homepage is on railway.app) and ask the publisher for an explicit security/privacy statement and the SDK source repo.

  If you cannot audit the SDK or are uncomfortable storing a raw private key, do not install or use this skill.
Review Dimensions
- Purpose & Capability (note): The skill claims to provide paid access to many APIs and requires Node/npm plus a Base wallet private key to sign micropayments — these requirements are broadly consistent with its stated payment-based gateway purpose. Minor inconsistency: the registry metadata showed no primary credential while the SKILL.md metadata declares MCP_WALLET_PRIVATE_KEY as the primary credential.
- Instruction Scope (concern): Runtime instructions tell the agent to install a third‑party npm package into the skill workspace if missing, write a temporary script to /tmp, and execute it with node; they also instruct the user to store a raw private key in OpenClaw config. These steps grant the skill the ability to run arbitrary JS code (from the SDK) and persist a sensitive secret.
- Install Mechanism (concern): There is no registry install spec, but SKILL.md instructs automatic npm install --prefix ... rwagenthub-sdk. Fetching and executing code from the public npm registry at runtime is a moderate risk (expected for SDK usage but potentially dangerous if the package or its transitive deps are malicious or compromised).
- Credentials (concern): The only required env var is MCP_WALLET_PRIVATE_KEY, which is logically required for signing payments — but a raw private key is highly sensitive. The skill advises storing it in openclaw config, which persists the secret. The SKILL.md claims the key 'never leaves your device' but this cannot be verified from the instructions alone.
- Persistence & Privilege (note): 'always' is false and the skill does not request elevated system privileges. However, it instructs storing a private key in agent configuration (persistent) and running npm installs and temporary scripts, so it gains persistent access to a sensitive secret and runtime execution capability within the agent environment.
