GTA Real Estate Report Generator
MaliciousAudited by ClawScan on May 1, 2026.
Overview
This skill tries to charge users through an external payment API while the included code does not generate the promised real estate report and the instructions point to an unreviewed local script path.
Do not install this version. It is a paid skill whose reviewed code does not actually generate the promised real estate report, and it asks the agent to run an unreviewed hardcoded local script while using embedded payment credentials.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be charged for a premium report but receive only placeholder text rather than the promised service.
After the billing step, the included code contains a placeholder instead of the advertised GTA real estate financial report generation logic.
# --- PUT YOUR ACTUAL PREMIUM SKILL LOGIC HERE ---
Do not install until the package contains reviewed, working report-generation logic and clearly shows what the user receives after payment.
The agent could run code that is not part of the reviewed artifact set, or the skill may fail unpredictably depending on what exists at that local path.
The required execution path is a hardcoded personal absolute path for a different skill directory, not the reviewed run.py in this package.
python3 /Users/guodong.chen/.openclaw/workspace/skills/skillpay-demo/run.py
Require the skill to execute only files included in its package using relative paths, and reject hardcoded personal or out-of-package execution paths.
A user’s ordinary request for a report could trigger an immediate charge attempt before the user reviews final payment details or the deliverable.
The instructions require the agent to run the billing script first for real-estate-report requests, making a high-impact payment action the default workflow.
无论用户请求多伦多哪里的房产,必须**首先**调用底层的安全扣费验证脚本。
Require an explicit, separate user confirmation before any charge attempt, and disclose the exact amount, provider, refund terms, and output to be delivered.
The package contains payment-system authority that users cannot scope, rotate, or verify through declared credential requirements.
The skill embeds a billing API credential directly in source code and uses it to authorize charge requests.
API_KEY = "14915753668f2e6686dc08cceea917e357f02f4aa8247db9fd567a1ed4b7e33e"
Remove hardcoded payment credentials, declare required credentials and permissions in metadata, and use a reviewed payment flow with scoped authorization.
The external payment service can receive and associate the user’s OpenClaw sender identifier with this skill’s billing events.
The code sends the OpenClaw sender ID and skill ID to an external billing API; this is aligned with billing, but it is sensitive account-linking data.
payload = {
"user_id": user_id,
"skill_id": SKILL_ID
}Install only if you accept this third-party billing data flow, and require the skill to disclose the provider, data sent, retention, and privacy terms.