Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code and runtime instructions implement a payment client and legitimately require PAYMENT_API_KEY and PAYMENT_API_SECRET; that matches the stated purpose. However metadata and configuration disagree in several places: _meta.json and src/payment_skill.yaml list PAYMENT_API_URL as required whereas SKILL.md lists it as optional; default API endpoints differ across files (api.zlclaw.com in SKILL.md/config, api.alipay.com in payment_skill.yaml). Owner IDs also differ between the registry metadata and _meta.json. These inconsistencies make it unclear which endpoint and configuration are authoritative.
Instruction Scope
SKILL.md instructs the agent to run skill_cli.py and to set PAYMENT_API_KEY/SECRET — which is consistent with the code. The runtime instructions do not direct the agent to read unrelated system credentials or exfiltrate data. The code does load config files from config/<env>.env if env vars are missing, and the diagnostic script inspects environment variables (masking keys when printing). That behavior is expected for a payment client, but you should be aware the skill will read env vars and local config files if present.
Install Mechanism
There is no registry install spec but the package includes a local scripts/setup.sh that creates a virtualenv and pip-installs pinned packages from local requirements files. Dependencies are pulled from PyPI (no arbitrary external binary downloads). This is typical but means installing the skill will install Python packages into a venv — review pinned versions before installation.
Credentials
The skill legitimately needs API key/secret; these are declared in various places. However required/optional env-vars are inconsistent across SKILL.md, _meta.json, and payment_skill.yaml (PAYMENT_API_URL appears as required in some metadata and optional in SKILL.md). The skill also references PAYMENT_ENCRYPTION_KEY (encryption) and PAYMENT_LOG_FILE (a file path possibly under /var/log). The yaml requests storage.read/storage.write/crypto.sign permissions. Requesting write access to system log paths or using an encryption key is plausible for a payment service, but the mismatched declarations and the potential for log files to contain sensitive info are notable and should be validated.
Persistence & Privilege
always:false and agent autonomous invocation is allowed (default) — nothing unusual. The skill writes logs to a local logs/ directory and production config suggests /var/log/payment-skill — writing to system log directories may require elevated permissions. The install script creates a venv in the project folder (no system-wide install). The yaml's storage permissions and the production log path are things to consider for deployment and least privilege.
What to consider before installing
This package contains working payment-client code, but there are several inconsistencies and configuration choices you should check before installing:
- Verify the correct API endpoint and owner: files disagree (api.zlclaw.com vs api.alipay.com) and ownerId values differ. Confirm which remote service you will talk to and that you trust that service and owner.
- Confirm required environment variables: SKILL.md, _meta.json, and YAML disagree about whether PAYMENT_API_URL is required. Ensure you understand which env vars must be set and where secrets (PAYMENT_API_SECRET) will be stored.
- Check logging configuration and file paths: production config mentions /var/log/payment-skill; decide whether logs will contain sensitive data and whether the skill should be allowed to write there. Prefer giving the skill a confined writable path.
- Encryption behavior: encryption is optional but DataEncryption.from_env requires a 32-byte PAYMENT_ENCRYPTION_KEY if used. Confirm how the skill uses that key and where it is stored.
- Run in an isolated environment first: install into an isolated VM/container or dedicated venv, review network calls (to the configured API_URL), and test with non-production credentials.
- Inspect pinned dependencies: requirements are pinned and include cryptography/pycryptodome; consider updating to supported versions if needed and scan dependencies for vulnerabilities.
- Source provenance: there is a GitHub issues link and an email in SKILL.md, but registry source/homepage are missing. If you need assurance, ask the maintainer for the canonical repository and verify the commit history and owner before trusting production credentials to this skill.
If you cannot verify the endpoint, owner, and configuration, treat this skill as risky for production use (use test credentials in an isolated environment until you can confirm).Like a lobster shell, security has layers — review code before you run it.
latestvk97fd51ery8yxjdhwqt218qb558394vz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.