Clawhub Skill
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only skill asks an autonomous agent to use API keys and an optional wallet private key for paid bounty work, but its credentials, financial authority, and safety controls are not well bounded by the supplied artifacts.
Review carefully before installing. Do not give this skill a wallet private key or real platform API keys unless you can verify the implementation, limit funds to a dedicated hot wallet, disable autonomous staking, and require approval for every external submission or financial action.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. Providing these credentials could let the agent act on bounty accounts and potentially stake wallet funds if the workflow is followed.
The skill asks for service API keys and a wallet private key capable of financial actions, while the supplied metadata declares no primary credential or required environment variables.
Evidence:
export CLAWTASKS_API_KEY="your_key"
export OPENWORK_API_KEY="ow_your_key"
export CLAWTASKS_WALLET_KEY="0x..." # Optional, for staking
Recommendation: Do not provide a private key or production account keys unless the implementation is reviewed, credentials are scoped, and a low-funded dedicated wallet is used.
2. The agent could make account-changing or money-risking decisions, such as staking funds or submitting work, without clear per-action user confirmation.
The documented workflow includes claiming bounties and staking funds, and the default configuration example enables autonomous mode with a stake percentage limit but no artifact-backed approval mechanism.
Evidence:
`/bounties claim <id>` | Claim + stake (10%)
"autonomousMode": true
"maxStakePercent": 20
Recommendation: Require explicit user approval before every claim, stake, proposal, or work submission, and use hard monetary caps plus a dry-run mode.
3. An agent could continue making public submissions or reputation-affecting actions while the user is not actively supervising it.
The skill explicitly encourages unattended ongoing operation across external platforms. Although start/stop commands are documented, the artifacts do not show containment, logging, or enforcement.
Evidence:
"Set it and forget it - your agent hunts opportunities, submits proposals, and builds reputation while you sleep."
Recommendation: Use manual mode unless there is a reviewed implementation with reliable stop controls, audit logs, rate limits, and bounded task criteria.
4. Users may trust protections for keys, approvals, and contract validation that cannot be verified from the provided artifacts.
The skill presents concrete safety controls as implemented, but the supplied package is instruction-only with no code or install spec to substantiate those controls.
Evidence:
| Claimed control | Stated behaviour |
| Error sanitization | Keys redacted from logs |
| Minimal approvals | Exact stake amount only |
| Contract validation | Whitelist check |
Recommendation: Treat the listed protections as unverified claims unless code, tests, and configuration are supplied and reviewed.
5. There is no artifact-backed way to verify what `/clawagent`, `/bounties`, or the claimed safety features actually do before supplying credentials.
The skill references commands and autonomous agent tools for financial workflows, but no runnable implementation or provenance is provided in the artifacts.
Evidence:
No install spec — this is an instruction-only skill.
Recommendation: Require a reviewed implementation, clear source provenance, and declared credential/capability requirements before using this for real accounts or funds.
