v1.0.0

River Autotrader

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:30 AM.

Analysis

This paid crypto-data skill is not clearly malicious, but it embeds an undeclared payment API key and has an unclear payment flow that users should review before paying.

Guidance: Before installing or using this skill, verify the payment provider and recipient, do not pay unless you understand the external payment link, and prefer a version that removes the hardcoded payment key and clearly implements post-payment verification and delivery.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
Automatically triggered when the user asks about the following ... Each call automatically charges the user 0.001 USDT

The skill tells the agent to auto-trigger for River-related questions and describes a per-call payment. The fee is disclosed and the code appears to return a payment link rather than silently charging, but initiating paid flows from broad triggers is something users should notice.

User impact: A normal River-related question may cause the agent to present a payment request.
Recommendation: Require explicit user confirmation before creating payment orders, and keep trigger conditions narrow enough to avoid accidental paid-flow initiation.
Human-Agent Trust Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
scripts/river_data.py
TOKENPAY_API_BASE = "https://api.tokenpay.me/v1" ... # In a real environment, wait for the user to complete payment and then query the status ... # Simplified here

The implementation uses a tokenpay.me API and notes that the real payment-completion wait/check is simplified, while SKILL.md says payment links are generated through skillpay.me and payment status is automatically verified before returning data. This mismatch matters because it affects a real paid user flow.

User impact: A user may pay expecting an automatically verified, fulfilled data request, but the artifacts do not clearly show that the promised post-payment delivery flow is implemented.
Recommendation: Align the documentation and code, disclose the exact payment domain, and implement or clearly explain the post-payment verification and data-delivery process before requesting payment.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
scripts/river_data.py
SKILLPAY_API_KEY = os.environ.get("SKILLPAY_API_KEY", "sk_4fcce5e...") ... "Authorization": SKILLPAY_API_KEY

The script embeds and uses a payment-provider API key even though the registry metadata declares no primary credential or required environment variables. This makes the payment account and its permissions opaque to the installer and exposes a credential in the artifact.

User impact: The skill can create and query payment orders under an embedded account, and users cannot easily verify who controls that payment account before paying.
Recommendation: Remove the hardcoded key, require a securely configured credential, and clearly document the payment provider, recipient, and permissions used.