Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawdit-lender

v1.0.0

Become an autonomous agent P2P lending agent with WDK powered smart wallet. Analyze agent loan requests, agent ERC-8004 reputation and revenue history to mak...

by NatX (@natx223)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be an autonomous P2P lending agent and its SKILL.md describes registering, creating a WDK wallet, analyzing ERC-8004 reputation, negotiating loans and collecting repayments — these capabilities align with the description. Minor inconsistency: SKILL.md lists runtime requirements (curl, jq) but the registry metadata lists no required binaries; this is a small mismatch in declared requirements.
Instruction Scope
Runtime instructions direct the agent to POST to an external API (https://clawdit.up.railway.app/register) which will 'create your WDK wallet' and 'return credentials'. The instructions expect the agent to store one-time agentCode and wallet address and then autonomously give/collect loans. This gives the remote service the ability to provision credentials and potentially receive secret material; the SKILL.md does not explain what credentials are returned, where private keys are stored, or how to revoke or audit transactions. The skill's autonomous financial actions are sensitive and the instructions are open-ended about decision-making and external interactions.
Install Mechanism
This is an instruction-only skill with no install spec or code files (lowest install risk). The SKILL.md mentions curl and jq as tools, which is reasonable for calling the described HTTP API, but the registry metadata did not record required binaries — slightly inconsistent but not high risk.
Credentials
The skill declares no required environment variables or primary credential, yet it instructs the agent to register with an external service that will provide credentials (agentCode, wallet address, presumably signing capability). Handling of sensitive material (agentCode, any private keys or signing tokens) is not specified or constrained. The skill also asks the operator to deposit funds into the created wallet, enabling real financial operations; requesting/receiving credentials from an unknown service without explicit secure storage or revocation mechanisms is disproportionate relative to the transparency provided.
Persistence & Privilege
The always flag is false and autonomous invocation is allowed (normal). However, autonomous operation combined with the ability to hold and move funds increases the blast radius. There is no persistent install or cross-skill configuration, but the lack of controls around autonomous financial actions and credential handling is noteworthy.
What to consider before installing
Before installing or enabling this skill:
- Verify the service/operator. The registration endpoint is hosted at https://clawdit.up.railway.app (third-party). Ask for the project's source code, maintainer identity, and security/audit information for that endpoint. Do not trust a random Railway host without vetting.
- Clarify what credentials the API returns. Specifically ask: Does registration return a private key or a signing token? Where are keys stored? Does the agent ever transmit private keys to the remote service? Request a secure, auditable key management design (e.g., keys generated and kept client-side, or use of ephemeral signing proxies with clear revocation).
- Do not fund the wallet with real/mainnet funds until you understand and can revoke access. Test only with small amounts on testnets, and confirm how to freeze or recover funds.
- Require explicit limits and human approvals for transactions (e.g., maximum single-transaction amount, daily total, or operator confirmation) rather than fully autonomous indefinite operation.
- Ask for logging and audit trails: which endpoints the agent calls, when transactions occur, and how reputation updates are recorded and can be disputed.
- Resolve the minor metadata mismatch: SKILL.md lists curl/jq as required binaries but registry metadata lists none. Confirm the runtime environment has the listed tools.
If the operator cannot answer these questions, treat the skill as high-risk and avoid funding or enabling autonomous lending.
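Two of the controls recommended above (refusing to persist signing material returned by the registration endpoint, and enforcing per-transaction, daily and approval limits with an audit trail) as an added example in Python. This is not code from the Clawdit-lender skill or from ClawHub; the response field names (agentCode, walletAddress, privateKey), the SpendPolicy API and the sample amounts are assumptions, since SKILL.md does not document what the endpoint returns or how the agent signs transactions.

```python
"""Operator-side guard rails for an autonomous lending agent.

Added example, not code from the Clawdit-lender skill or from ClawHub. The
registration response fields, the SpendPolicy API and the sample amounts are
assumptions: SKILL.md does not document what the endpoint returns or how the
agent signs transactions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Field names that mean the remote service is handing the agent raw signing
# material. Keys generated and held server-side cannot be revoked or audited by
# the operator, so such fields are refused rather than persisted.
SECRET_FIELD_MARKERS = ("privatekey", "private_key", "mnemonic", "seed", "secret")


def vet_registration_response(resp: dict) -> dict:
    """Split a registration response into fields the agent may persist
    (e.g. agentCode, wallet address) and fields it must refuse."""
    store, refuse = {}, []
    for key, value in resp.items():
        if any(marker in key.lower() for marker in SECRET_FIELD_MARKERS):
            refuse.append(key)
        else:
            store[key] = value
    return {"store": store, "refuse": refuse}


@dataclass
class SpendPolicy:
    """Limits the agent must satisfy before it signs a transfer. Amounts are
    integers in the token's smallest unit (assumed), never floats."""
    max_single: int          # hard cap per transfer; approval cannot override it
    max_daily: int           # rolling-window total the agent may move
    approval_above: int      # transfers above this need an operator's sign-off
    window: timedelta = timedelta(hours=24)
    history: list = field(default_factory=list)    # (timestamp, amount) of allowed transfers
    audit_log: list = field(default_factory=list)  # every decision, allowed or not

    def _spent_in_window(self, now: datetime) -> int:
        # Drop transfers older than the window, then sum what is left.
        cutoff = now - self.window
        self.history = [(t, a) for t, a in self.history if t > cutoff]
        return sum(a for _, a in self.history)

    def authorize(self, amount: int, to: str, now: datetime,
                  approved_by: Optional[str] = None):
        """Return (allowed, reason) and record the decision in the audit log."""
        spent = self._spent_in_window(now)
        if amount <= 0:
            decision = (False, "non-positive amount")
        elif amount > self.max_single:
            decision = (False, "exceeds max_single")
        elif spent + amount > self.max_daily:
            decision = (False, "exceeds max_daily")
        elif amount > self.approval_above and approved_by is None:
            decision = (False, "needs operator approval")
        else:
            decision = (True, "ok")
            self.history.append((now, amount))
        self.audit_log.append({
            "at": now.isoformat(), "to": to, "amount": amount,
            "allowed": decision[0], "reason": decision[1],
            "approved_by": approved_by, "spent_in_window_before": spent,
        })
        return decision


def run_demo() -> list:
    """Run the policy over a constructed sequence of transfer requests and
    return the list of (allowed, reason) decisions."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    policy = SpendPolicy(max_single=100, max_daily=250, approval_above=50)
    requests = [
        (40, t0, None),                                 # small, autonomous: ok
        (60, t0 + timedelta(minutes=1), None),          # above approval_above, unsigned
        (60, t0 + timedelta(minutes=1), "operator"),    # same transfer, approved
        (120, t0 + timedelta(minutes=2), "operator"),   # hard cap wins over approval
        (100, t0 + timedelta(minutes=3), "operator"),   # window total becomes 200
        (60, t0 + timedelta(minutes=4), "operator"),    # would push total to 260
        (60, t0 + timedelta(hours=25), "operator"),     # window has rolled over
    ]
    return [policy.authorize(a, "0xborrower", t, approved_by=who)
            for a, t, who in requests]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
    print(vet_registration_response(
        {"agentCode": "one-time-code", "walletAddress": "0xabc", "privateKey": "0xdead"}))
```

The policy sits between the agent's decision logic and whatever signs the transaction, so a prompt-injected or simply over-eager agent cannot exceed the caps on its own; the audit_log entries are what you would ship to the logging and dispute trail the review asks the operator for.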

Like a lobster shell, security has layers — review code before you run it.

latest: vk971fe099kf4mn25gjs9we9gss83aqdd
