Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Strider PayPal

v1.0.0

Send and receive money via PayPal using Strider Labs MCP connector. Send payments, request money, check balance, view transactions. Complete autonomous onlin...

Security Scan
VirusTotal
Pending
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and required binary (npx) align with a connector that runs an npm MCP package. No unexpected environment variables or unrelated binaries are requested. Requiring npx is reasonable for an MCP implemented as an npm package.
Instruction Scope
SKILL.md instructs the MCP config to run `npx -y @striderlabs/mcp-paypal` (i.e., fetch and execute code from the npm registry at runtime). It describes OAuth-based auth and claims tokens are 'stored encrypted per-user' but gives no details about where/how tokens are stored or how the 'explicit confirmation' requirement is enforced. The skill enables monetary actions (send, transfer, invoice) that could be invoked by the agent; the instructions do not define or enforce a verifiable manual confirmation step.
Install Mechanism
There is no install spec in the registry entry — the runtime behavior relies on using npx to download and execute an npm package. Dynamic execution of a remote package (-y makes it non-interactive) increases risk: the package could contain arbitrary code. The registry does point to an npm package and a homepage, but provenance and package contents are not verified here.
Credentials
The skill requests no pre-provisioned env vars (reasonable because it uses OAuth). However, OAuth tokens are required at runtime yet are not described in terms of scope, storage location, retention, or access controls. That lack of detail makes it hard to confirm the credential handling is proportionate and safe.
Persistence & Privilege
always:false (good), but disable-model-invocation is false (default) so the agent may autonomously invoke the skill. Given that the skill can perform real-money operations, autonomous invocation combined with dynamic remote code execution represents a meaningful risk unless strict confirmation and usage policies are enforced externally.
What to consider before installing
Before installing or enabling this skill:
1) Verify the npm package and publisher (visit the npm page and the Strider Labs site, confirm the package owner and recent release history).
2) Inspect the package source code (or ask the vendor for audited code) — npx will download and execute code, so you should be able to review what runs.
3) Confirm where OAuth tokens will be stored and who/what can access them; prefer storing tokens in a trusted secrets store and limit token scopes.
4) Disable autonomous invocation or require an explicit, verifiable human confirmation flow for every payment; do not rely solely on the skill's prose claim that "All payments require explicit confirmation."
5) Consider pinning to a specific package version or hosting a vetted mirror instead of running npx with a floating package name.
6) Test in a sandbox account with small amounts before using real funds.
If you cannot verify package provenance and token handling, treat the skill as high-risk and do not enable it for accounts with real funds.


License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Bins: npx
