Skill v1.2.4
ClawScan security
PayCrow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 10:29 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose (a thin wrapper that calls an external Trust API); it does not request local credentials or install code, but it calls a third-party endpoint so you should verify the external service and treat results cautiously for high-value transfers.
- Guidance
- This skill is essentially a small client that calls a third-party Trust API. That design is coherent, but it carries practical risks to weigh before relying on it for money transfers:
  - Verify the external service: inspect the linked GitHub repo (https://github.com/michu5696/paycrow), the npm package, and the deployed API (paycrow-app.fly.dev). Confirm the repo code and license, and whether the deployed endpoint actually matches the repo (source-to-deploy). Check commit history, maintainer reputation, and whether the contracts are audited.
  - Privacy and leakage: every address you check is sent to paycrow-app.fly.dev. If you need privacy or do not want address checks logged by a third party, run your own instance of the API or avoid using the skill.
  - Escrow caveat: the SKILL.md mentions an MCP server for escrow; that is separate software. Do not assume escrow protection without deploying and auditing that server and the on-chain contracts. Review the contract on BaseScan and verify that the deployed bytecode matches the repo's source before trusting it with funds.
  - Treat scores as heuristics: the score is an aid, not a guarantee. For high-value payments, perform manual due diligence and consider multi-sig or escrow flows you control.
  - If you decide to use the skill: test it with low-value transactions, confirm responses locally with curl before automating, and prefer running your own instance of the service (or self-hosting the MCP escrow component) for production escrow use.
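The guidance above (validate input before it leaves the machine, keep the endpoint swappable for a self-hosted instance, and treat the score as advisory with a hard manual-review rule for high-value transfers) fits in a small policy wrapper. The Python below is an added example for this review, not code from the skill, the PayCrow repo, or ClawHub. The request path https://paycrow-app.fly.dev/trust/ADDRESS is the one the SKILL.md tells the agent to curl (see Instruction Scope below); the response shape (a `score` float in 0..1 and a `flags` list), the thresholds, the function names, and the sample response at the bottom are assumptions constructed for illustration.

```python
"""
Policy wrapper around a PayCrow-style trust lookup.

Added example, not the skill's or project's own code. Only the URL path
(/trust/ADDRESS) and host come from the SKILL.md instructions quoted in the
review; the response field names, score range and thresholds are ASSUMED.
"""
import json
import re
import urllib.request

# Third-party endpoint named in the review. Override base_url to point at a
# self-hosted instance so address lookups are not logged by someone else.
DEFAULT_BASE_URL = "https://paycrow-app.fly.dev"

# A Base (EVM) address is 0x followed by exactly 40 hex digits.
ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def build_trust_url(address: str, base_url: str = DEFAULT_BASE_URL) -> str:
    """Validate before anything leaves the machine: only a well-formed
    address is ever sent to the third party, never an arbitrary string an
    agent may have been handed in a prompt."""
    if not ADDRESS_RE.match(address):
        raise ValueError(f"not an EVM address: {address!r}")
    return f"{base_url.rstrip('/')}/trust/{address.lower()}"


def fetch_trust(address: str, base_url: str = DEFAULT_BASE_URL, timeout: float = 10) -> dict:
    """Network call equivalent to the curl in SKILL.md. Not exercised offline."""
    req = urllib.request.Request(build_trust_url(address, base_url),
                                 headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def decide(trust: dict, amount_usd: float,
           high_value_usd: float = 500.0, min_score: float = 0.7) -> str:
    """Turn a trust response into one of "allow", "review", "deny".

    The score is a heuristic, so above the value threshold the answer is
    always "review": a human does the due diligence the guidance calls for.
    An unexpected response shape fails closed ("review") rather than being
    read as "no problems found".
    """
    if amount_usd >= high_value_usd:
        return "review"
    score = trust.get("score") if isinstance(trust, dict) else None
    # bool is a subclass of int in Python; reject it explicitly.
    if isinstance(score, bool) or not isinstance(score, (int, float)) or not 0.0 <= score <= 1.0:
        return "review"
    flags = trust.get("flags") or []
    if flags or score < min_score:
        return "deny"
    return "allow"


if __name__ == "__main__":
    # Constructed sample response; the real schema is not documented on this page.
    sample = {"score": 0.92, "flags": []}
    addr = "0x" + "ab12" * 10
    print(build_trust_url(addr))
    for amount in (25, 2500):
        print(amount, decide(sample, amount))
```

Run the policy against a response you fetched by hand first; only once the real schema is confirmed should `fetch_trust` feed `decide` in an automated flow, and even then the high-value branch should stay a hard stop rather than a tunable score.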
Review Dimensions
- Purpose & Capability
- ok · The name/description (escrow + trust scoring on Base) matches the runtime instructions: a single curl against a PayCrow Trust API and optional instructions to use a separate MCP escrow server. Nothing in the SKILL.md asks for unrelated credentials, binaries, or system access.
- Instruction Scope
- note · Instructions are narrow: run curl against https://paycrow-app.fly.dev/trust/ADDRESS and parse the JSON. However, any address you check will be sent to that third-party endpoint (privacy/leakage risk). The skill also points to an external GitHub repo and an optional MCP server for escrow; those are external dependencies outside the agent's control.
- Install Mechanism
- ok · Instruction-only skill with no install spec and no code files. No binaries are installed or extracted, which minimizes on-disk risk.
- Credentials
- ok · The skill declares no required environment variables, no primary credential, and references no config paths. This is proportionate for an instruction-only wrapper that queries a public HTTPS API.
- Persistence & Privilege
- ok · always is false and disable-model-invocation is true (the model cannot invoke the skill on its own), so it gains neither persistent elevated privileges nor autonomous invocation. That reduces the blast radius.
