Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

fraud-filter

v0.3.0

Community trust scores for AI agent payment endpoints — checks endpoint reputation before payment and auto-reports failures to the network.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's code (plugin.js, hooks, server, sync scripts) matches the stated purpose: it intercepts payment-like tool calls, looks up a trust DB / hotlist, and queues/submits anonymous outcome reports. Required binary (node) is appropriate. The skill fetches data from and posts reports to api.fraud-filter.com which aligns with its homepage and description. Minor mismatch: sync script can use curl or wget but those are not declared in the skill metadata (only node is declared).
! Instruction Scope
The SKILL.md and the included code instruct the agent to inspect every payment-like tool call (by name and by scanning params) and to automatically queue/post failure reports. This gives the skill broad visibility into payment interactions across the agent. There is an internal inconsistency about reporting: SKILL.md and TECHNICAL state automatic agent-side reporting for failures, while README/config examples show `participate_in_network: false` (opt-in). The hooks call queueReport directly (the actual reporter implementation may gate sending, but that behavior is not obvious at a glance).
Install Mechanism
No external install/download is performed by an install spec (instruction-only). The code is shipped with the skill and runs via Node.js. There are no remote code downloads during install, though the skill does fetch trust/hotlist JSON at runtime from api.fraud-filter.com.
Credentials
The skill requests no credentials or required env vars in metadata. Runtime code optionally respects FRAUD_FILTER_PORT, FRAUD_FILTER_HOTLIST_URL, and FRAUD_FILTER_HOTLIST, which are reasonable optional overrides. The sync script, however, expects curl or wget if present and will fail if neither is available — that runtime assumption isn't reflected in the declared required binaries. Network access to api.fraud-filter.com is required for normal operation (trust DB and reporting) — expected for the skill's purpose but a privacy/availability consideration.
Persistence & Privilege
always:false (not force-installed). The plugin registers before_tool_call and tool_result_persist hooks, giving it autonomous runtime ability to intercept and act on payment tool calls — this is coherent for its purpose but increases blast radius because it can automatically report and block/warn on payments. No evidence it modifies other skills' configs; it stores data under its own data/ directory with mode 0600 per docs.
What to consider before installing
Summary of what to check and consider before installing:
- Visibility & auto-reporting: The plugin intercepts all payment-like tool calls and can automatically queue and (depending on config) send anonymous failure reports to api.fraud-filter.com. If you are uncomfortable with an agent automatically reporting observed failures, inspect reporter.js to confirm whether the default config truly disables outbound reports or whether the plugin will queue/send by default.
- Conflicting documentation: SKILL.md/TECHNICAL describe automatic, agent-driven reporting; README shows a config option participate_in_network:false (opt-in). Ask the author or review reporter.js/trust-db.js to confirm the true default behavior.
- Data sent and privacy claims: The project claims it hashes URLs and buckets amounts before sending. If privacy is important, review reporter.js to verify hashing and that full URLs, exact amounts, API keys, or other identifying data are never transmitted. The local files claim 0o600 permissions and localhost-only dashboard, which is good practice — verify on your system after install.
- Network requirements & undeclared binaries: The skill requires network access to api.fraud-filter.com and optionally to a CDN for trust.json; sync-trust-db.sh uses curl or wget if available but the metadata only declares node. If your environment lacks curl/wget you may see sync failures. Consider running the skill in an isolated environment first.
- Misuse/abuse potential: Because the skill can block payments (policy-controlled) and auto-report failures, a malicious or buggy version could cause denial-of-service (false blocks) or noisy reporting. Confirm the server endpoints (api.fraud-filter.com) are operated by a trusted party and consider testing with the `participate_in_network` flag turned off while you verify behavior.
- What would raise my confidence to high: seeing the full reporter.js and trust-db.js code paths that show (a) reporter respects the opt-in flag, (b) hashing implemented locally before any network transmission, and (c) no accidental inclusion of raw URLs/identifiers in outbound payloads. Also verify the default config shipped on first run (install_id generation and participate_in_network default).
test/test.js:604 - Shell command execution detected (child_process).
server/hotlist-sync.js:16 - Environment variable access combined with network send.
server/reporter.js:6 - Environment variable access combined with network send.
test/test.js:607 - Environment variable access combined with network send.
! server/reporter.js:1 - File read combined with network send (possible exfiltration).
! test/test.js:3 - File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk975mc73wqt561gq9drjj2hass83y50h

Runtime requirements

🛡️ Clawdis
OS: macOS · Linux
Bins: node
