Skill v1.0.0

ClawScan security

Vatgentic · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 9:37 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement paid VAT lookups over Lightning and the included code matches that purpose, but there are multiple metadata/instruction inconsistencies and an unknown external endpoint that warrant caution before installing or providing payment credentials.
Guidance
This skill generally does what it says (request a VAT check and return a Lightning invoice), but there are several inconsistencies and transparency gaps you should address before using it:
- Do not provide auto-pay credentials (LNBOT_API_TOKEN / LNBOT_WALLET_ID) unless you fully trust the author and the endpoint. Auto-pay can move real funds.
- The scripts require VATGENTIC_API_URL but the registry metadata did not declare it; SKILL.md suggests an unfamiliar host (https://fair-earwig.pikapod.net). Verify the canonical service URL (official vatgentic domain) and change VATGENTIC_API_URL to a known/trusted endpoint before using.
- README mentions reading ~/.openclaw/secrets/lnbot-api.json and other workspace files, but the shipped scripts do not actually read that file. Confirm which files the skill will read in your environment and search the code for any hidden file reads before trusting it.
- If you want to use auto-pay, inspect the scripts (vatgentic-validate.py / vatgentic-request.py) yourself or run them in a sandbox to confirm they only send the VAT number and invoice/payment info to the configured API and do not exfiltrate other data.
- Prefer manual payment (do not set auto-pay) during initial testing and run a few lookups with minimal amounts to confirm behavior and responses. Monitor network activity to ensure requests go to the expected host.
- Ask the publisher for clarifications: authoritative homepage/docs, the reason for the fair-earwig.pikapod.net host, and an updated SKILL.md/metadata that declares required env vars and file access.
Given the mismatches (undeclared required env var, unknown endpoint, and documentation/code drift), treat this skill as suspicious until the above clarifications are provided or you confirm behavior in a sandbox.

Review Dimensions

Purpose & Capability
Rating: note
Name/description match the code: the Python scripts request a VAT lookup from a service URL and return Lightning invoices. Required binaries (python3, curl, jq) are plausible for the examples, though the Python scripts themselves use the requests library (curl/jq are used only in the SKILL.md examples). However, the package/registry metadata does not declare the VATGENTIC_API_URL environment variable that the scripts require at runtime — a metadata/instruction mismatch that can cause runtime failures and hides the actual external endpoint the skill will contact.
Instruction Scope
Rating: concern
SKILL.md and the scripts instruct the agent to POST VAT numbers and poll status at whatever VATGENTIC_API_URL is set. The Quick Start suggests VATGENTIC_API_URL='https://fair-earwig.pikapod.net' (a third-party host unrelated to the claimed vatgentic.com/docs), which is an unknown external endpoint — this is a material behavioral detail users must know. README also documents access to local workspace files and a secrets path (~/.openclaw/secrets/lnbot-api.json), but the included scripts do not actually read that path; that discrepancy suggests the documentation and code are out of sync. The scripts will send VAT numbers (and potentially invoice/payment requests) to the configured remote service. There are no instructions to read unrelated local files, but the skill does support optional auto-payment using provided ln.bot credentials.
Install Mechanism
Rating: ok
No install spec — instruction-only with included Python scripts. Nothing is downloaded or extracted during install. This is lower-risk from an install-supply perspective, but the included scripts are present on disk and will execute when used.
Credentials
Rating: note
The skill requires a service URL (VATGENTIC_API_URL) and optionally ln.bot credentials (LNBOT_API_TOKEN, LNBOT_WALLET_ID) for auto-pay. Those credentials are proportional to the advertised auto-pay feature. However: (1) the registry metadata did not declare VATGENTIC_API_URL as required, (2) the SKILL.md examples hard-code an unfamiliar host (fair-earwig.pikapod.net), and (3) README lists additional env vars and a local secret path which are not consistently used by the scripts. Missing/incorrect env metadata and undocumented endpoint choices reduce transparency and increase risk if users supply keys without understanding the destination or behavior.
Persistence & Privilege
Rating: note
The 'always' field is false, and the skill does not request permanent platform privileges or modify other skills. However, because the skill supports automatic payments when LNBOT credentials are provided and agent invocation is allowed (the default), an agent could perform real Lightning payments if given credentials and invoked autonomously. Combined with the unknown external endpoint, this means you should be cautious about granting auto-pay credentials or enabling autonomous invocation for this skill.