Clawhub Skill Passive Income Tracker
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The tracker’s purpose is coherent, but it asks for sensitive crypto-service session tokens and a local node key while providing no installable code to review.
Review carefully before installing. Only use this if you can verify the actual CLI source and install path, prefer revocable read-only API keys over browser session tokens or keystore files, and be cautious about enabling WhatsApp/Telegram reports containing financial data.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: If the implementation mishandles or leaks the token, someone could access the user’s Grass.io account data or session-backed account functions.
Detail: The skill instructs users to extract and pass a browser session token into its CLI. Session tokens can grant account access, and the registry metadata declares no credential requirement.
Evidence: Copy `userId` and `accessToken` values ... Paste into `passive-income-tracker add-app grass --token <accessToken>`
Recommendation: Use official read-only API keys where possible, avoid pasting browser session tokens into unreviewed tools, and rotate or revoke any token used for testing.
Finding 2
Impact: A local node credential could be exposed to an unreviewed command-line tool or to shell history, potentially compromising the user’s node or account access.
Detail: This setup command reads a local Mysterium keystore/node key and passes it as a token. Local auth or keystore files are high-impact credentials, and the artifacts do not bound how they are protected.
Evidence: `--token "$(cat ~/.mysterium/keystore/node.key)"`
Recommendation: Do not pass private keystore material unless the provider explicitly requires it; prefer a scoped API token, keep secrets out of shell history, and verify the tool’s source before use.
Finding 3
Impact: A user or agent could run an unverified binary from PATH or an unpinned external source while supplying sensitive account tokens.
Detail: Despite having no install spec or included code, SKILL.md tells users to run `passive-income-tracker` commands that would receive credentials. The implementation and provenance of that CLI cannot be reviewed from these artifacts.
Evidence: No install spec — this is an instruction-only skill.
Recommendation: Provide a pinned install source, reviewed code, and clear binary provenance before asking users to pass credentials to the CLI.
Finding 4
Impact: Earnings and payout information may appear in third-party messaging chats or shared notification channels.
Detail: The skill discloses that earnings summaries can be sent to messaging services. This is purpose-aligned, but it moves private financial activity data outside the local machine.
Evidence: Daily/weekly summaries — automatically messaged to WhatsApp/Telegram
Recommendation: Configure alerts only to trusted private chats and review what financial details are included in messages.
Finding 5
Impact: Local files may retain financial history and credentials after setup, creating risk if the machine or its backups are accessed by others.
Detail: The skill stores persistent earnings history and tokens locally. This is expected for a tracker, but the encryption claim cannot be validated because no implementation is included.
Evidence: All data stored locally at `~/.openclaw/workspace/passive-income-tracker/`. SQLite database. ... API tokens stored encrypted at rest.
Recommendation: Verify local file permissions and encryption behavior, and remove the workspace data if uninstalling or no longer using the tracker.
