Skill v1.0.1

ClawScan security

Token Unlock Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 5, 2026, 10:46 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (token-unlock alerts) aligns with its code and env requirements, but there are several implementation issues—most importantly a hard-coded SkillPay API key and a default debug mode that bypasses payment—that make the package suspicious and worth manual review before installation.
Guidance
This skill is generally coherent with its stated purpose (token-unlock alerts) but has implementation issues that warrant caution:
- The code and README embed a default SKILLPAY API key and SKILL_ID; treat that as a leaked/placeholder secret. Do not assume it is safe to use. Ask the author to remove any hard-coded keys and never ship secrets in source files.
- Config.DEBUG defaults to true and the payment routine bypasses charging in debug mode. If you need enforcement of payments, set DEBUG=false and verify charge_user works against SkillPay with your own key.
- The service makes outbound calls to skillpay.me (billing) and likely to token data providers; run it in an isolated environment if you test it and inspect network activity.
- If you plan to install/run the code: replace the embedded API key with your own, set DEBUG=false, rotate any keys if they were leaked, and review the entire api/main.py for any other hard-coded endpoints or unexpected behavior (the source appears to have a truncated function in the provided snapshot that should be fixed).
If you cannot confirm the developer identity or cannot safely replace/remove the embedded secrets, avoid installing this skill in production or on machines with sensitive credentials.

Review Dimensions

Purpose & Capability
ok
Name/description (代币解锁预警, "Token Unlock Alert") matches the code and declared requirements: a Python backend (FastAPI), SQLite usage, and SkillPay billing. Required binary (python3) and required envs (SKILLPAY_API_KEY, SKILL_ID) are consistent with the described payment-integrated API service.
Instruction Scope
ok
SKILL.md instructions and API surface (alerts, calendar, watchlist, portfolio import, billing) stay within the token-unlock monitoring domain. The runtime instructions do not ask agents to read unrelated host files or arbitrary environment variables beyond those declared.
Install Mechanism
ok
No install spec is provided (instruction-only install), so nothing is automatically downloaded or executed outside the included code files. A Python service is provided in api/main.py and requirements.txt; installing/running it requires standard Python dependencies only.
Credentials
concern
Only SKILLPAY_API_KEY and SKILL_ID are declared, which is proportional to a pay-per-call service; however, the code and README include a hard-coded default SkillPay API key and a default SKILL_ID. Additionally, Config.DEBUG defaults to true (via an os.getenv default), and the payment function short-circuits when DEBUG is true, effectively bypassing payment checks in the default configuration. Hard-coded credentials and default debug bypasses are significant red flags for credential leakage and unintended usage.
Persistence & Privilege
ok
The skill does not request always:true and does not appear to modify other skills or global agent configuration. It persists data locally via an SQLite DB file (DATABASE_URL default), which is normal for this kind of service.