Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawpay

v0.1.0

Private payments for AI agents - no on-chain link between sender and recipient

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (private payments via Railgun) match the runtime instructions: sign a wallet message, send USDT to an invoice address, and call clawpay.dev endpoints to shield/unshield. However, the skill metadata declares no required credentials or env vars, while the runtime instructions explicitly require a wallet private key (WALLET_KEY). That omission is an inconsistency between the declared requirements and the actual needs.
Instruction Scope
SKILL.md contains clear, concrete runtime steps (node script, sign message, call API endpoints, transfer tokens to invoice). It does not instruct the agent to read unrelated files or system secrets beyond the wallet key. The instructions do require executing user-supplied JS and making network calls to clawpay.dev, which is expected for this purpose.
Install Mechanism
This is instruction-only (no install spec, no downloaded code). The user is told to run npm install ethers and execute the provided script locally — the install surface is small and transparent.
Credentials
The runtime requires a wallet private key (WALLET_KEY) but the skill metadata lists no required env vars or primary credential. Requesting a private key is proportionate to making payments, but the metadata omission is misleading and increases risk (users or agents may not realize a secret is needed). Also relying on an external API (clawpay.dev) means the service operator can control the invoice addresses and the shielding flow — users must trust that operator with custody or routing of funds.
Persistence & Privilege
The skill does not request persistent presence (always:false), does not modify other skills or system configs, and has no install actions. Autonomous invocation is allowed by default on the platform; that is normal but raises general caution when combined with credential access (see guidance).
What to consider before installing
Before using this skill:
1. Understand the trust model: the script sends USDT to an invoice address returned by https://clawpay.dev and then asks that service to shield/unshield; you are trusting that operator with your funds and the privacy claim.
2. Do not paste your private key into unknown code or into environment variables on shared machines. Prefer a hardware wallet, an in-process signing flow, or the referenced Bankr wallet (verify Bankr's provenance) rather than exposing WALLET_KEY.
3. The skill metadata fails to declare that a private key is required; treat that as a red flag and ask the publisher to add explicit required env var declarations.
4. Verify the service: check clawpay.dev ownership, source code, audits of the Railgun integration, and community reputation before sending real funds.
5. Test with a very small amount first and inspect the returned invoice address and API responses.
6. If you allow agent autonomy, restrict this skill from running without explicit user confirmation, because it can initiate on-chain transfers when provided with signing credentials.
