Back to skill
Skillv1.0.0
ClawScan security
Ntriq X402 Pii Detect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewApr 17, 2026, 12:01 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (PII detection) matches what its instructions do, but it asks the agent to send potentially sensitive text to a third-party payment-gated endpoint while not declaring how the required payment header/credential is supplied — this mismatch and the data-exfiltration risk warrant caution.
- Guidance
- This skill will send whatever text you provide (including emails, SSNs, names, credit card numbers, etc.) to a third-party service at x402.ntriq.co.kr and requires a payment header for each call. Before installing: (1) Confirm you trust the x402 service and read its privacy/data-retention policy — do not send sensitive PII until comfortable. (2) Ask the skill author to declare how the X-PAYMENT token is supplied (an env var or explicit prompt) and to mark that credential in the metadata; avoid placing private keys in plaintext. (3) Prefer testing with non-sensitive samples and verify costs (0.02 USDC per call). (4) If you need offline or in-house PII detection, consider local tools to avoid sending data externally. If the author can clarify the payment/auth flow and add a declared primaryEnv for the payment token, the coherence concern would be reduced.
Review Dimensions
- Purpose & Capability
- noteName/description and the runtime instructions align: the SKILL.md describes a remote PII-detection API and shows the exact POST request. The only mismatch is the payment requirement: the docs require an X-PAYMENT header for $0.02 USDC per call but the skill metadata declares no primary credential or required env vars. That omission is unexpected for a paid API.
- Instruction Scope
- okInstructions are narrowly scoped to calling a single external HTTPS endpoint (https://x402.ntriq.co.kr/pii-detect) with the text and a mask flag. There are no instructions to read local files, other env vars, or system state. However, the runtime behavior will transmit user text (including PII) to a third party, which is an inherent privacy/exfiltration risk the user must accept.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files; nothing is written to disk and no external packages are pulled in. Lowest install risk.
- Credentials
- concernThe SKILL.md requires an X-PAYMENT header (x402 payment) to call the service, but the skill declares no required env vars or primary credential. That is a proportionality/clarity issue: the agent or user must supply a payment token/wallet on each call, yet the skill gives no guidance for how that credential is to be provided or stored. Because calls send PII and require a payment mechanism (wallet/USDC), the missing declaration of credentials is a security/privacy concern.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system-level privileges or to modify other skills. Autonomous invocation (model-invocation enabled) is the platform default and not by itself a problem; users should note the agent can call the third-party endpoint if allowed.