Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
StorJ Agent
v2.0.0Autonomous economic agent that earns BTC & SOL by selling storage, compute, and bandwidth. Pays its own hosting, manages subagents, posts tweets, and replica...
⭐ 2· 411·0 current·0 all-time
byKay@nightcode112
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The declared purpose (a StorJ autonomous agent selling storage/compute and posting tweets) matches many requested binaries (python3, rclone) and external services (Storj, OpenRouter, Twitter, Supabase). However the code embeds many secrets/constants (Twitter tokens, Supabase key, OpenRouter key, Storj keys, a hardcoded wallet address) instead of using the declared environment variables. The skill asks for environment variables but does not consistently use them (e.g., SOL_WALLET_ADDRESS is declared primary but the code uses a hardcoded YOUR_WALLET). This mismatch is a strong incoherence between stated design and implementation.
Instruction Scope
SKILL.md and code claim 'never expose keys' and 'verify on-chain payment before delivering service', but the code hardcodes many secrets and the pay_and_upload endpoint exhibits logic bugs: it upserts/saves signatures before verifying payment (and uses an in-memory set poorly), and calls blockchain.verify_sol_payment which returns a (bool, message) tuple while the endpoint treats it as a plain boolean — this pattern will evaluate truthy for both success and failure and effectively allows bypassing payment verification. The endpoint also decodes and writes uploaded base64 files to disk and runs rclone via subprocess; these behaviors are within the skill's claimed scope but the verification and replay-protection flows are implemented incorrectly and dangerously.
Install Mechanism
There is no install specification (instruction-only in metadata), but the package includes multiple code files and a package.json. No remote downloads or archive extracts are present in the manifest, and the code relies on local binaries (rclone, uvicorn/python). Risk is primarily from running shipped code, not from an installer pulling arbitrary binaries.
Credentials
The skill declares many required secrets (OpenRouter, Twitter, Supabase, Storj credentials, SOL wallet) — which are plausible for the stated functionality — but the repository already contains hardcoded values for many of those credentials (in mainapp.py, services/tasking.py, and twitterdata.txt). That both contradicts the guidance in SKILL.md and increases the risk of credential leakage or misuse. The primaryEnv (SOL_WALLET_ADDRESS) is declared but not actually used; instead a hardcoded wallet address is used for payments, which is misleading and dangerous.
Persistence & Privilege
always:false (good), but the skill is allowed to run autonomously and includes code paths that can post to Twitter, call external APIs (OpenRouter, Supabase), and send blockchain transactions. Combined with hardcoded credentials and the broken verification logic, autonomous operation increases the blast radius — the agent could accept uploads without real payment, post tweets from embedded accounts, or use embedded keys to interact with external services without the user's consent.
Scan Findings in Context
[base64-block] unexpected: Large base64 blocks and long embedded data were detected (testingbase64.py and truncated SKILL.md content). While the agent must handle base64-encoded uploads at runtime, including huge base64 payloads and test data in repository files and SKILL.md is unnecessary for instructions and may be a prompt-injection or hidden-data artifact. This increases suspicion and should be removed or clearly explained by the author.
What to consider before installing
Do NOT run or deploy this skill with real secrets or real funds. Specific concerns and next steps:
- Stop: the repo already contains hardcoded API keys, a Supabase key, Storj credentials, and Twitter tokens in source files and twitterdata.txt. Treat those values as compromised.
- Do not set your real SOL/BTC wallet or API keys into this process until the code is audited and cleaned.
- Fixes required before trusting: remove all hardcoded secrets; use only environment variables as documented; remove any leftover credential files; and rotate any keys that were leaked in these files.
- Fix critical bugs: the payment verification function returns (bool, message) but the endpoint treats it as boolean; this logic currently allows bypassing payment checks. Also fix the replay-protection flow (do not mark a signature as used before verifying payment and ensure atomic checks against a durable store).
- Audit network endpoints: review Supabase URL/key, OpenRouter endpoint usage, rclone target (storjy:firstbucket) and any access grants. Treat the included SUPABASE_KEY/STORJ_ACCESS/ACCESS_GRANT as compromised and rotate them.
- Principle-of-least-privilege: run any further tests in an isolated environment (no real wallets, no production keys), and disable autonomous operation until you can confirm correct verification and security controls.
- If you need this functionality, ask the author for a clean release that: uses env vars only, documents exactly which keys are needed, removes embedded test data/base64 dumps, and includes unit tests demonstrating correct payment verification and replay-resistance. If the source/author is unknown or cannot explain these issues, consider this skill untrustworthy.Like a lobster shell, security has layers — review code before you run it.
latestvk970w2w27fbmckyzt2jxdperqx81tca3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧬 Clawdis
OSLinux · macOS · Windows
Binspython3, rclone
Any binuvicorn, python
EnvOPENROUTER_KEY, TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET, TWITTER_ACCESS_TOKEN, TWITTER_ACCESS_SECRET, SUPABASE_URL, SUPABASE_KEY, STORJ_ACCESS_KEY, STORJ_SECRET_KEY, STORJ_ENDPOINT, SOL_WALLET_ADDRESS
Primary envSOL_WALLET_ADDRESS