Skill v1.1.1

ClawScan security

PayPol Agent Marketplace · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 26, 2026, 1:18 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly matches its on-chain marketplace purpose, but there are multiple incoherent requirements and missing/undeclared dependencies that warrant caution before installing or running it.
Guidance
What to consider before installing or using this skill:
- The core functionality (hiring PayPol agents via paypol.xyz) matches the files, but the packaging is sloppy: the install step pulls in the npm package axios and declares node as a required binary even though the bundle contains only bash scripts. That npm install appears unnecessary.
- The bash scripts call the PayPol API and send your PAYPOL_API_KEY in the X-API-Key header on every request. Only provide the key if you trust paypol.xyz and the skill author. Prefer an API key with limited permissions and rotate it after testing.
- The scripts require jq (used to parse JSON), but jq is not declared as a required binary; make sure jq is installed before running them. The scripts also read the optional environment variables PAYPOL_AGENT_API, PAYPOL_WALLET, and PAYPOL_TIMEOUT, none of which is declared as required; review those values before running.
- If you cannot verify the publisher or the paypol.xyz developer docs, run the scripts in an isolated environment (container or VM) and test with a minimal budget and a low-privilege API key. Review the network traffic to confirm which endpoints are contacted, and check the API key's scope. If you do not want additional packages installed, skip the npm install, or inspect the package.json and source for unexpected postinstall scripts.
- If anything about the domain, owner ID, or published metadata looks unfamiliar, ask the publisher for provenance (Git repo, signed release, or contact) before providing credentials or executing on-chain actions.
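A pre-install check that mechanizes the points above, added here as an example and not code from ClawHub or the PayPol skill: it compares the binaries and PAYPOL_* variables a script actually uses against what the bundle declares, reports declared binaries nothing invokes, and flags npm lifecycle hooks (preinstall, install, postinstall, prepare) in the package the install step would pull in. The fixture files it scans (a bash script modelled on the scan's description, a declared-binaries list, a requires.env list, and a package.json that deliberately carries a postinstall hook so the check fires) are constructed here; the real bundle's file names and manifest layout are not shown on this page and are assumptions.

```bash
#!/usr/bin/env bash
# Added pre-install check for a bash-only skill bundle. Example code, not the
# ClawHub scanner or the PayPol skill; fixture names and layout are assumptions.
set -u
export LC_ALL=C
WORK="${TMPDIR:-/tmp}/skill-preflight.$$"
trap 'rm -rf "$WORK"' EXIT

# Constructed fixtures standing in for the bundle: declared binaries, declared
# env (requires.env), one script, and the npm package's package.json.
make_fixtures() {
  mkdir -p "$WORK/scripts"
  printf 'curl\nnode\n' > "$WORK/required_bins.txt"    # assumed: jq missing
  printf 'PAYPOL_API_KEY\n' > "$WORK/required_env.txt" # assumed: one secret
  cat > "$WORK/scripts/hire-agent.sh" <<'EOF'
#!/usr/bin/env bash
# constructed stand-in for the skill's script
API="${PAYPOL_AGENT_API:-https://paypol.xyz/api}"
curl -sS --max-time "${PAYPOL_TIMEOUT:-30}" \
  -H "X-API-Key: $PAYPOL_API_KEY" \
  -d "{\"wallet\":\"$PAYPOL_WALLET\"}" "$API/hire" | jq -r '.job_id'
EOF
  cat > "$WORK/package.json" <<'EOF'
{ "name": "constructed-fixture", "dependencies": { "axios": "^1.0.0" },
  "scripts": { "postinstall": "node setup.js" } }
EOF
}

# Binaries (from a fixed candidate list) that a script invokes but the bundle
# does not declare.  Usage: undeclared_binaries <script> <declared-file>
undeclared_binaries() {
  local script="$1" declared="$2" out="" tool
  for tool in curl jq node npm npx python3 openssl; do
    if grep -qE "(^|[[:space:]|;&(])$tool([[:space:]]|$)" "$script" &&
       ! grep -qx "$tool" "$declared"; then
      out="$out $tool"
    fi
  done
  echo "${out# }"
}

# Declared binaries that no script in the directory invokes.
# Usage: unused_declared_binaries <scripts-dir> <declared-file>
unused_declared_binaries() {
  local dir="$1" declared="$2" out="" tool
  while read -r tool; do
    grep -rqE "(^|[[:space:]|;&(])$tool([[:space:]]|$)" "$dir" || out="$out $tool"
  done < "$declared"
  echo "${out# }"
}

# PAYPOL_* variables a script reads that requires.env does not declare.
# Usage: undeclared_env <script> <declared-file>
undeclared_env() {
  local script="$1" declared="$2"
  grep -oE '\$\{?PAYPOL_[A-Z0-9_]+' "$script" | sed 's/^\$//; s/^{//' |
    sort -u | grep -vxF -f "$declared" | tr '\n' ' ' | sed 's/ $//'
}

# npm lifecycle hooks that would execute code at install time.
# Usage: install_hooks <package.json>
install_hooks() {
  grep -oE '"(preinstall|install|postinstall|prepare)"[[:space:]]*:' "$1" |
    tr -d '": ' | tr '\n' ' ' | sed 's/ $//'
}

report() {
  echo "undeclared binaries : $(undeclared_binaries "$WORK/scripts/hire-agent.sh" "$WORK/required_bins.txt")"
  echo "declared but unused : $(unused_declared_binaries "$WORK/scripts" "$WORK/required_bins.txt")"
  echo "undeclared env vars : $(undeclared_env "$WORK/scripts/hire-agent.sh" "$WORK/required_env.txt")"
  echo "npm install hooks   : $(install_hooks "$WORK/package.json")"
}

make_fixtures
report
```

On the constructed fixtures the report lists jq as undeclared, node as declared but unused, PAYPOL_AGENT_API, PAYPOL_TIMEOUT and PAYPOL_WALLET as undeclared variables, and a postinstall hook. The binary check is a grep heuristic over a fixed candidate list, so extend the list for bundles that use other tools; the hook check is likewise a text match, which is enough to decide whether to skip the npm install or read the hook before running it.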

Review Dimensions

Purpose & Capability
concern: Name and description align with the included scripts and API usage (hiring agents, on-chain operations on Tempo L1). However, the declared Node/npm install (axios) is disproportionate: there is no Node code in the bundle, only bash scripts and markdown. Required binaries declare `node`, but the scripts do not use Node; conversely, the scripts require `jq`, but `jq` is not listed as a required binary. This mismatch suggests sloppy packaging or an unnecessary npm dependency.
Instruction Scope
concern: SKILL.md and the two scripts instruct the agent to call the PayPol API (https://paypol.xyz) with the API key in a header, which is expected for this purpose. But the runtime instructions reference environment variables beyond the declared required one: PAYPOL_AGENT_API, PAYPOL_WALLET, and PAYPOL_TIMEOUT are used in the scripts and docs but not listed in requires.env. The scripts also call an external network endpoint (the PayPol API), which will receive the provided API key and any caller wallet id. There is no evidence of hidden endpoints or exfiltration beyond the documented API, but the undeclared env usage and the missing binary (jq) are problematic.
Install Mechanism
concern: The install spec lists a Node package (axios). It is a public npm library (moderate trust), but there is no Node source in this skill that needs it. The install appears unnecessary and inconsistent with the rest of the bundle (bash scripts), and it increases the footprint without clear justification.
Credentials
note: The skill requires a single primary credential (PAYPOL_API_KEY), which is appropriate for a marketplace API client. However, the scripts and docs also use optional env vars (PAYPOL_AGENT_API, PAYPOL_WALLET, PAYPOL_TIMEOUT) that are not declared in requires.env. The number of secrets is not excessive, but be aware that the provided API key is sent to the paypol.xyz API on every request and could be used to authorize on-chain transactions; treat it as sensitive.
Persistence & Privilege
ok: The skill is not marked always:true and does not request persistent, system-wide privileges. It does not modify other skills or system configs. Autonomous model invocation is allowed (the default) but is not combined with other high-risk indicators.