Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Spraay Openclaw
v1.0.0 · Payment infrastructure for AI agents. Batch crypto payments, x402 micropayment gateway, agent-to-agent USDC settlement, multi-chain payroll, Bitcoin PSBT tra...
⭐ 1 · 133 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
Name and description (payment gateway, batch payments, x402, PSBT, RTP) align with the included docs and the script: the skill only needs a gateway URL and curl to call the listed endpoints. The README references gateway-side environment variables (Alchemy, Pinata, etc.) that are internal to the gateway and not required by the skill.
Instruction Scope
The runtime script and SKILL.md instruct the agent to send arbitrary data to the configured gateway URL. The ipfs-pin command base64-encodes and transmits the contents of a local file—this is a legitimate feature for pinning, but it is effectively a capability to exfiltrate any file the agent can read. The SKILL.md also suggests providing callback URLs for RTP; those could cause the agent to expose endpoints or accept inbound webhooks. The script uses base64 -w0 but base64 is not declared in required binaries (inconsistency).
Install Mechanism
No install spec; the skill is instruction+script only and uses curl to make HTTP calls. No remote downloads or archive extraction are present in the skill bundle.
Credentials
Only SPRAAY_GATEWAY_URL is required (SPRAAY_API_KEY optional). This is proportional for a gateway client, but marking the gateway URL as the 'primary credential' is unusual: if an attacker sets SPRAAY_GATEWAY_URL to a malicious endpoint, the agent will send requests and any data (including base64'd files) to that endpoint. The optional SPRAAY_API_KEY is declared but not used by the provided script (inconsistency).
Persistence & Privilege
The always field is false, and the skill does not request persistent or system-wide privileges. The skill does not modify other skills or system settings.
What to consider before installing
1) Verify and lock SPRAAY_GATEWAY_URL — set it only to the official gateway URL (https://gateway.spraay.app) unless you fully trust an alternative endpoint. An attacker-controlled gateway URL would let the skill send any data (including local files) to that endpoint.
2) Treat SPRAAY_API_KEY carefully — although optional, confirm whether the gateway actually uses it; do not provide private keys or wallet secrets to this skill.
3) The script's ipfs-pin command reads a local file, base64-encodes it, and transmits it — avoid using ipfs-pin with sensitive files.
4) The script calls endpoints that may require x402 payment headers; confirm whether payments require your wallet or whether the gateway negotiates payments server-side before sending funds.
5) Small inconsistencies to confirm: the script uses base64 (not listed in required binaries) and does not use the optional API key header; ask the publisher for clarification and for source code or audits of the gateway service before routing real payments.
6) If you plan to allow autonomous agent invocation with this skill, limit its scope: test on a non-production account, use small amounts, and monitor network traffic.
latest: vk97fxy41d6xrgnexrrf2t4b0d5835akj
Runtime requirements
Runtime: 💧 Clawdis
Bins: curl
Env: SPRAAY_GATEWAY_URL
Primary env: SPRAAY_GATEWAY_URL
