Skill v1.0.0

ClawScan security

Funpay Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 14, 2026, 10:04 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill includes a hard-coded FunPay API key and real chat state data while claiming Telegram notifications (but contains no Telegram integration or declared credentials), which is inconsistent and risky.
Guidance
Do not install/run this skill as-is. Key concerns: (1) monitor.py contains a hard-coded FunPay API key (GOLDEN_KEY) that is not declared in metadata — this exposes an account and gives the skill direct access to chats; (2) the bundle includes state.json with many real chat messages (sensitive data); (3) the description promises Telegram notifications but there is no Telegram integration or declared token, so functionality and data flows are unclear; (4) invisible/control characters were detected which can hide content. If you want to use a similar tool safely, ask the author to: remove the hard-coded key and require a documented environment variable (e.g., FUNPAY_API_KEY), scrub or omit any bundled chat logs, implement and document Telegram integration (and require TELEGRAM_BOT_TOKEN/CHAT_ID), publish installation steps and the FunPayAPI dependency, and explain exactly what data is sent externally. If you already ran this code using your environment, rotate any exposed FunPay credentials immediately and audit account activity. If the embedded key appears to belong to someone else, do not use it — contact the owner or treat the bundle as untrusted.
Findings
[unicode-control-chars] unexpected: Control/unicode-invisible characters were detected in the skill files (state.json contains a leading invisible character in at least one message). This isn't expected for a simple chat-monitoring helper and can be used to hide or obfuscate content or attempt prompt-injection.

Review Dimensions

Purpose & Capability
concern: The description promises Telegram notifications and forwarding unknown messages to the owner, but the bundled code does not implement any Telegram API calls or require a Telegram token. Instead it contains a hard-coded FunPay API key (GOLDEN_KEY) and operates directly on chats; the skill declares no required credentials. That mismatch (claimed external notification vs actual local printing and an undisclosed API key) is incoherent.
Instruction Scope
concern: SKILL.md simply says to run monitor.py; the script reads and writes state.json, uses a FunPay Account object with a hard-coded API key, sends replies via acc.send_message, and emits notification strings to stdout. The instructions do not document the embedded API key, the provenance of state.json (which contains many real chat messages), or how notifications reach the owner (no Telegram webhook or token). The bundle also contains a unicode/control-character artifact which may be used to hide or obfuscate content.
Install Mechanism
note: There is no install spec (instruction-only with bundled code). That lowers installer risk, but the code depends on an external module (FunPayAPI) with no declared install step. The lack of installation instructions means runtime behavior is unclear and may fail or cause the operator to add packages ad-hoc.
Credentials
concern: The repository contains a clear secret (GOLDEN_KEY) hard-coded into monitor.py rather than declared as a required environment variable. The skill also bundles a state.json file containing many past chat messages (sensitive user data). The metadata declares no credentials while code includes a credential with broad access to FunPay chats — this is disproportionate and suspicious.
Persistence & Privilege
note: always:false (normal). The skill is invocable/autonomous by default (platform standard). Combined with the embedded API key and chat access, autonomous runs could access and reply to chats without further configuration, increasing blast radius; this combination is noteworthy though not sufficient alone to mark it malicious.