Clawhub Skill
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: agent-earner
Version: 1.0.0
The skill bundle is classified as benign. It describes an autonomous agent designed to earn cryptocurrency by completing bounties on specified platforms. While it handles sensitive credentials like API keys and a wallet private key, the documentation explicitly advises using environment variables and a dedicated hot wallet, and outlines security measures like key redaction from logs and minimal approvals. There is no evidence of prompt injection attempting to subvert the agent's purpose, exfiltrate data, or execute malicious commands beyond the stated functionality.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Providing these credentials could let the agent act on bounty accounts and potentially stake wallet funds if the workflow is followed.
The skill asks for service API keys and a wallet private key capable of financial actions, while the supplied metadata declares no primary credential or required environment variables.
export CLAWTASKS_API_KEY="your_key"
export OPENWORK_API_KEY="ow_your_key"
export CLAWTASKS_WALLET_KEY="0x..." # Optional, for staking
Do not provide a private key or production account keys unless the implementation is reviewed, credentials are scoped, and a low-funded dedicated wallet is used.
The agent could make account-changing or money-risking decisions, such as staking funds or submitting work, without clear per-action user confirmation.
The documented workflow includes claiming bounties and staking funds, and the default configuration example enables autonomous mode with a stake percentage limit but no artifact-backed approval mechanism.
`/bounties claim <id>` | Claim + stake (10%) ... "autonomousMode": true ... "maxStakePercent": 20
Require explicit user approval before every claim, stake, proposal, or work submission, and use hard monetary caps plus a dry-run mode.
An agent could continue making public submissions or reputation-affecting actions while the user is not actively supervising it.
The skill explicitly encourages unattended ongoing operation across external platforms. Although start/stop commands are documented, the artifacts do not show containment, logging, or enforcement.
Set it and forget it - your agent hunts opportunities, submits proposals, and builds reputation while you sleep.
Use manual mode unless there is a reviewed implementation with reliable stop controls, audit logs, rate limits, and bounded task criteria.
Users may trust protections for keys, approvals, and contract validation that cannot be verified from the provided artifacts.
The skill presents concrete safety controls as implemented, but the supplied package is instruction-only with no code or install spec to substantiate those controls.
| Error sanitization | Keys redacted from logs |
| Minimal approvals | Exact stake amount only |
| Contract validation | Whitelist check |
Treat the listed protections as unverified claims unless code, tests, and configuration are supplied and reviewed.
There is no artifact-backed way to verify what `/clawagent`, `/bounties`, or the claimed safety features actually do before supplying credentials.
The skill references commands and autonomous agent tools for financial workflows, but no runnable implementation or provenance is provided in the artifacts.
No install spec — this is an instruction-only skill.
Require a reviewed implementation, clear source provenance, and declared credential/capability requirements before using this for real accounts or funds.
