Skill v1.0.0
ClawScan security
Ntriq X402 Phish Radar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious
Apr 17, 2026, 12:00 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (phishing detection) matches the remote API it calls, but there are mismatches around how the service is described and how payments/credentials are handled, plus privacy risks from sending URLs to an unknown third-party endpoint.
- Guidance
- This skill calls a third-party endpoint and charges ~$0.03 USDC per query. Before enabling it: (1) verify the service reputation and terms on the vendor homepage; (2) understand how you will supply and protect the X-PAYMENT value (it is not declared as a required env var); (3) avoid sending sensitive or private URLs until you confirm the vendor's privacy/security practices; (4) test with non-sensitive examples and confirm the expected output and billing behavior; and (5) prefer skills that document explicit API key handling and TLS/endpoint verification when sending data to external services.
Review Dimensions
- Purpose & Capability
- note: The skill claims to perform real-time phishing detection and the SKILL.md documents a POST API for that purpose, which is coherent. However, the README claims analysis is done with "local AI" while the runtime instructions unambiguously call a remote endpoint (https://x402.ntriq.co.kr/phish-radar), an internal inconsistency.
- Instruction Scope
- concern: The instructions tell the agent to POST user-supplied URLs to an external service and to include an X-PAYMENT header for a per-call charge. There is no guidance in the skill metadata about how the payment header is provided or stored. Sending potentially sensitive URLs to an unknown third-party service is a privacy risk, and the payment requirement is not declared as a required credential.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk and there is no installer risk.
- Credentials
- concern: The skill declares no required environment variables or credentials, yet the runtime instructions require an X-PAYMENT header (a credential/payment token). That credential handling is not declared or explained. The absence of declared credentials plus a required payment header is a proportionality/clarity issue.
- Persistence & Privilege
- ok: The skill does not request `always: true`, has no persistent installs, and does not modify other skills or system settings. Autonomous invocation is allowed (platform default) but is not, by itself, a new concern.
