Skill v2.6.0
ClawScan security
OKX a2a Payment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 1:05 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's purpose (wrapping the onchainos a2a payment CLI) is plausible, but the SKILL.md omits required runtime dependencies and purpose-limiting safeguards (notably automatic buyer-side signing with no user confirmation), so its requirements and instructions don't fully align.
- Guidance
- Before installing, be aware of two main issues. (1) The SKILL.md expects the onchainos CLI and an authenticated wallet session, but the skill metadata does not declare this dependency; make sure your agent environment has onchainos installed and the wallet logged in. (2) The buyer 'pay' flow deliberately signs and submits the server-provided challenge without prompting the user; this is safe only if an upstream component has already validated the challenge and its amount against what the user intended. If humans will invoke this skill directly, ask for a preview/confirmation step before signing. Also note that the skill has no homepage or source link, so treat it as less audited and test it in a safe environment first. If you need the skill changed to declare onchainos as a requirement or to add an explicit confirmation prompt, request that change from the author or reject the skill until it is updated.
Review Dimensions
- Purpose & Capability
- concern: The skill explicitly wraps the onchainos CLI (onchainos payment a2a-pay / wallet status / login) but the registry metadata declares no required binaries or primary credential. That omission is inconsistent: a runtime environment must have the onchainos binary and an authenticated wallet session for the skill to function.
- Instruction Scope
- concern: The runtime instructions direct the agent to shell out to onchainos for create/pay/status. Critically, the buyer flow TEE-signs and submits the server-provided challenge without any local preview or interactive confirmation; trust is delegated entirely to the upstream caller. That is a deliberate design choice, but it is broad in scope and risky if this skill is invoked directly by an agent acting for a human user.
- Install Mechanism
- ok: Instruction-only skill with no install spec or code files; nothing is written to disk by the skill itself. Low install risk, but it relies on external CLI binaries that the SKILL.md expects to already exist.
- Credentials
- note: No environment variables or credentials are declared, which is consistent with delegating signing to the onchainos CLI. However, the skill implicitly requires access to the user's wallet/session (and thus private signing capabilities via onchainos/TEE). That implicit privilege isn't declared in metadata and should be made explicit.
- Persistence & Privilege
- ok: Skill is not always-on and does not request persistent platform-wide privileges. It does enable autonomous invocation by default (the platform default), but that alone is not flagged here.
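The gap flagged under Guidance and Instruction Scope (the buyer flow signs a server-provided challenge with no validation or confirmation, and the onchainos prerequisite is never declared) can be closed by a thin wrapper placed in front of the CLI. The following is an added example written for this review; it is not the skill's own code and not part of onchainos. It checks the undeclared prerequisites, validates the challenge against what the caller actually intended to pay, shows a preview, and only then delegates signing. The challenge field names and JSON shape, and the assumption that `onchainos payment a2a-pay` accepts the challenge on stdin, are assumptions; the sample challenges are constructed.

```python
# Added example: a confirmation gate in front of the onchainos buyer flow.
# Not the skill's code, not onchainos's API. ASSUMED: the challenge field names and
# JSON shape, and that `onchainos payment a2a-pay` reads the challenge from stdin.
import json
import shutil
import subprocess
import time
from dataclasses import dataclass

REQUIRED_FIELDS = ("amount", "asset", "recipient", "expires_at", "nonce")

@dataclass(frozen=True)
class Intent:
    """What the caller actually agreed to pay; amount is a decimal string for exact compare."""
    amount: str
    asset: str
    recipient: str

class ChallengeRejected(Exception):
    """The server-provided challenge must not be signed."""

def check_prerequisites(which=shutil.which, run=subprocess.run):
    """The dependency SKILL.md assumes but never declares: onchainos on PATH
    plus an authenticated wallet session. Returns (ok, reason)."""
    if which("onchainos") is None:
        return False, "onchainos binary not found on PATH"
    proc = run(["onchainos", "wallet", "status"], capture_output=True, text=True)
    if proc.returncode != 0:
        return False, "wallet session not authenticated; run `onchainos wallet login`"
    return True, "ok"

def validate_challenge(raw, intent, now=None):
    """Parse the challenge and refuse it unless it matches the caller's intent.
    `now` is injectable so expiry handling is testable."""
    now = time.time() if now is None else now
    try:
        ch = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ChallengeRejected(f"challenge is not valid JSON: {exc}")
    missing = [k for k in REQUIRED_FIELDS if k not in ch]
    if missing:
        raise ChallengeRejected(f"challenge missing fields: {missing}")
    if str(ch["amount"]) != intent.amount or ch["asset"] != intent.asset:
        raise ChallengeRejected(f"amount mismatch: server asks {ch['amount']} "
                                f"{ch['asset']}, caller intended {intent.amount} {intent.asset}")
    if ch["recipient"] != intent.recipient:
        raise ChallengeRejected(f"recipient mismatch: {ch['recipient']} != {intent.recipient}")
    if int(ch["expires_at"]) <= now:
        raise ChallengeRejected("challenge expired")
    return ch

def reject_reason(raw, intent, now=None):
    """None if acceptable, otherwise why the challenge was refused."""
    try:
        validate_challenge(raw, intent, now)
    except ChallengeRejected as exc:
        return str(exc)
    return None

def preview(ch):
    """Summary shown to the user before anything is signed."""
    return (f"Pay {ch['amount']} {ch['asset']} to {ch['recipient']} "
            f"(nonce {ch['nonce']}, valid until {ch['expires_at']})")

def submit_via_onchainos(ch, run=subprocess.run):
    """Delegate signing/submission to the CLI (stdin handoff is an ASSUMPTION;
    check `onchainos payment a2a-pay --help` before relying on it)."""
    proc = run(["onchainos", "payment", "a2a-pay"], input=json.dumps(ch),
               capture_output=True, text=True)
    if proc.returncode != 0:
        raise RuntimeError(f"a2a-pay failed: {proc.stderr.strip()}")
    return proc.stdout

def gated_pay(raw_challenge, intent, confirm, submit=submit_via_onchainos, now=None):
    """validate -> preview -> confirm -> submit; `submit` never runs unless the
    challenge matches the intent AND confirm(preview) returns True."""
    ch = validate_challenge(raw_challenge, intent, now)
    if not confirm(preview(ch)):
        return "declined"
    submit(ch)
    return "submitted"

# Constructed sample data; nothing here came from a real server.
NOW = 1_800_000_000
INTENT = Intent(amount="2.50", asset="USDC", recipient="0xabc123")
GOOD = json.dumps({"amount": "2.50", "asset": "USDC", "recipient": "0xabc123",
                   "expires_at": NOW + 300, "nonce": "n-1"})
INFLATED = json.dumps({"amount": "250.00", "asset": "USDC", "recipient": "0xabc123",
                       "expires_at": NOW + 300, "nonce": "n-2"})
EXPIRED = json.dumps({"amount": "2.50", "asset": "USDC", "recipient": "0xabc123",
                      "expires_at": NOW - 1, "nonce": "n-3"})

if __name__ == "__main__":
    print("prerequisites:", check_prerequisites()[1])
    for label, raw in (("good", GOOD), ("inflated", INFLATED), ("expired", EXPIRED)):
        reason = reject_reason(raw, INTENT, now=NOW)
        print(label, "->", "would prompt for confirmation" if reason is None else "rejected: " + reason)
```

The design point is that `submit` (the step that reaches the TEE signing key through onchainos) is only reachable after two independent gates: a programmatic comparison of the challenge against the caller's own record of the intended payment, and a human confirmation of the preview. An inflated amount, a swapped recipient, or a stale challenge is refused before any signing happens, and the `confirm` callback is where a skill invoked directly by a person would prompt on the terminal, while an agent orchestrator that has already validated upstream can pass a callback that returns True.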
