Skillv0.1.0

ClawScan security

Molt Sift · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 25, 2026, 7:31 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's documentation and code claim automated bounty payments and networked integrations, but the package requests no credentials or configuration for live payments and contains inconsistent/mixed claims about 'mock' vs 'production' payment behavior — this mismatch and the ability to run an API + auto-claiming agent are red flags that warrant manual review before use.
Guidance: Do not install or run this skill on any environment with real keys or funds without manual review. Things to verify with the author or before running: - Is the PayAClaw/x402 integration truly mock-only? Identify which files implement real payment logic vs stubs. - Where and how are Solana wallet keys and API keys provided/loaded? The manifest declares no required env vars but the code and docs reference secrets — this must be explicit. - Audit send_payment / trigger_payment implementations to confirm they do not read arbitrary files or exfiltrate data and that they require explicit, well-documented credentials. - If you plan to run the API server, run it locally behind authentication or in an isolated sandbox (no real keys), and require API key/auth for POST /bounty before exposing to network. - Prefer running the test suite and reviewing test stubs to confirm payments are mocked; if you need production payments, require secure secret storage (not plaintext env without rotation) and limit network exposure. If you want, I can scan the specific payment-related functions (scripts/solana_payment.py, scripts/payaclaw_client.py, scripts/api_server.py, scripts/bounty_agent.py) and summarize exact code paths that perform network calls, key usage, or file access.

Review Dimensions

Purpose & Capability: concernThe skill advertises PayAClaw and Solana x402 payment integration (auto-triggered USDC transfers) but manifest/registry metadata declare no required environment variables, no credential, and no config paths. A payment-capable bounty agent legitimately needs private keys/API keys (Solana wallet, x402 key, PayAClaw API key); their absence in the declared requirements is incoherent.
Instruction Scope: concernSKILL.md and the included API/agent code instruct running an HTTP /bounty endpoint, an auto-claiming bounty watcher, and automatic payment triggers. Those runtime instructions allow network interactions that can claim jobs, submit results, and initiate payments — operations that extend beyond simple local data validation and should require explicit configuration and authentication. The instructions give broad discretion (auto-claim/auto-pay) without describing safeguards or auth.
Install Mechanism: noteThere is no install spec (no external download), which reduces installer risk. However the package contains multiple executable Python scripts (CLI entry point, Flask API, bounty agent, Solana/payment client) that will be written to disk if installed. That is expected for a tool of this type but means the code will run on the host and can perform network I/O — so review of code is required before installation.
Credentials: concernThe code and docs clearly expect secrets (PAYACLAW_API_KEY, X402_API_KEY, SOLANA_WALLET/private key, SOLANA_RPC) in deployment guides, but the skill metadata declares none as required. Requesting no credentials while promising payment functionality is disproportionate and ambiguous: either the payment code is stubbed/mocked (safe but misleading) or it will attempt to use credentials from unspecified locations (unsafe).
Persistence & Privilege: notealways:false (good). The skill can be invoked autonomously (platform default). Combined with auto-claim and auto-pay behavior this increases potential impact, but autonomous invocation alone is not a disqualifier — it's the combination with payment flows and missing auth that raises concern.