Skill v1.0.0

ClawScan security

ClawHub skill: Passive Income Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 25, 2026, 1:28 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description and commands claim a local CLI, encrypted token storage, and automatic message delivery, but the package contains no installer or code. Requesting sensitive tokens and local keys is legitimate for the stated purpose, yet the claims about how those secrets are protected are unverifiable, because the bundle lacks the implementation that would justify them.
Guidance
This skill conceptually fits its purpose (aggregating earnings), but the package is instruction-only and does not include the CLI or code it references. Before installing or running anything:
1) Inspect the referenced GitHub repository code yourself (or ask for it) to verify how tokens are stored and encrypted and how WhatsApp/Telegram alerts are delivered.
2) Avoid passing long-lived secrets or passwords on the command line; prefer short-lived or read-only API tokens and enter them through a secure prompt or secret store.
3) Verify the repository's authenticity (owner, commit history, issues) and run the code on an isolated machine or VM.
4) If you proceed, confirm exactly where credentials are written and how the encryption is implemented; do not rely on the SKILL.md claim of 'encrypted at rest'.
5) Check whether automatic messaging needs additional credentials and where those will be stored.

Review Dimensions

Purpose & Capability
concern · Name and description match the intended function (aggregating passive-crypto earnings), and the listed credentials (service tokens, node keys) are plausible for that task. However, the skill advertises a CLI with many commands and claims 'encrypted at rest' storage, yet provides no code or install mechanism in the bundle (instruction-only). That mismatch (declared commands with no implementation) is unexpected and reduces trust.
Instruction Scope
note · SKILL.md instructs obtaining sensitive data: copying a Grass.io session token from browser storage, supplying Storj API keys and wallet addresses, and reading a Mysterium keystore file (~/.mysterium/keystore/node.key). Those actions are coherent with the stated purpose but involve high-sensitivity secrets and local file access. The doc also promises automatic WhatsApp/Telegram messaging but gives no details on how messaging is authenticated or configured, a gap that could hide additional credential prompts or third-party services.
Install Mechanism
note · No install specification and no code files are bundled (instruction-only). The SKILL.md references executing a 'passive-income-tracker' CLI and claims encrypted local storage, yet the registry package contains no installer or binaries. This forces users to fetch and run external code (a GitHub repo link is provided), which is a legitimate path but increases risk because the skill package itself neither supplies nor verifies the implementation.
Credentials
note · The skill does not request environment variables via the registry metadata (none declared), which is consistent. It does, however, instruct users to supply many sensitive credentials (session tokens, API keys, email+password for Honeygain, node keystore). Those credentials are proportionate to the stated integrations but are sensitive; the documentation claims encrypted storage and 'no telemetry' without providing the code that would let a reviewer verify how secrets are protected. Passing credentials on the command line (the examples use CLI flags) exposes them in shell history and in process listings visible to other users on the host.
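As an added example (not part of the ClawScan report and not the skill's own code) of how to act on guidance step 4 and the Credentials finding above: run the tool once with a throwaway canary token entered via getpass instead of a --token flag, then scan the directory it writes to for the canary in plaintext and in the encodings commonly passed off as encryption, and list files whose mode lets other users read them. The data-directory path, the canary value and the fixture files in demo() are assumptions constructed for this illustration.

```python
"""Check a tool's "encrypted at rest" claim with a canary token.

Workflow (assumed, not from the skill): run the tool once with a throwaway
canary as the only credential, entered via getpass rather than a --token
flag so it never reaches argv or shell history, then point this script at
the directory the tool writes to.
"""
import base64
import getpass
import os
import stat
import sys
import tempfile
from pathlib import Path


def encoded_forms(secret: str) -> dict[str, bytes]:
    """Plaintext plus the encodings most often passed off as encryption.

    Padding is stripped so a secret stored inside a longer base64 string
    still matches when it starts on an encoding boundary.
    """
    raw = secret.encode()
    return {
        "plaintext": raw,
        "base64": base64.b64encode(raw).rstrip(b"="),
        "base64url": base64.urlsafe_b64encode(raw).rstrip(b"="),
        "hex": raw.hex().encode(),
    }


def find_leaks(root: Path, secret: str, max_size: int = 10_000_000) -> list[tuple[str, str]]:
    """Return (path relative to root, encoding) for each file containing the secret.

    A file that matches no form is not proven encrypted: the secret could be
    compressed or chunked. Treat a clean result as "no obvious leak" only.
    """
    forms = encoded_forms(secret)
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.stat().st_size > max_size:
            continue
        data = path.read_bytes()
        for name, needle in forms.items():
            if needle in data:
                hits.append((str(path.relative_to(root)), name))
                break  # report the first matching form only
    return hits


def world_readable(root: Path) -> list[str]:
    """Files under root whose mode grants group or other any access bits."""
    return [
        str(p.relative_to(root))
        for p in sorted(q for q in root.rglob("*") if q.is_file())
        if p.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO)
    ]


def demo() -> tuple[list[tuple[str, str]], list[str]]:
    """Constructed fixture standing in for a tool's data directory (not real tool output)."""
    root = Path(tempfile.mkdtemp(prefix="at-rest-check-"))
    secret = "canary-token-9f8e7d"  # throwaway value, never a real credential
    (root / "config.json").write_text('{"grass_session": "%s"}' % secret)
    (root / "tokens.enc").write_bytes(base64.b64encode(secret.encode()))  # encoded, not encrypted
    (root / "sub").mkdir()
    (root / "sub" / "vault.bin").write_bytes(bytes(range(256)) * 2)  # opaque bytes, like real ciphertext
    os.chmod(root / "config.json", 0o600)
    os.chmod(root / "tokens.enc", 0o644)
    os.chmod(root / "sub" / "vault.bin", 0o600)
    return find_leaks(root, secret), world_readable(root)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"usage: {sys.argv[0]} <data-dir>", file=sys.stderr)
        sys.exit(2)
    canary = getpass.getpass("canary token used for the test run: ")
    data_dir = Path(sys.argv[1]).expanduser()
    for rel, form in find_leaks(data_dir, canary):
        print(f"LEAK  {rel}: canary found as {form}")
    for rel in world_readable(data_dir):
        print(f"MODE  {rel}: readable by other users")
```

In the constructed fixture, config.json is flagged as a plaintext leak and tokens.enc as a base64 leak even though its name suggests encryption, while vault.bin passes; tokens.enc is also reported for its 0644 mode. Only after a clean run with a canary is it reasonable to supply real tokens, and even then a clean result means no obvious leak rather than proof of encryption, since the check cannot see through compression or chunked encodings.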
Persistence & Privilege
ok · The skill is not marked always:true and does not request elevated or persistent platform privileges. It names standard OpenClaw tools (exec, message, web_fetch) in its metadata, which is normal. There is no evidence it modifies other skills or global agent configuration.