Skill v1.0.0

ClawScan security

Learn Anything Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 8, 2026, 8:17 AM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (serving Learn-Anything.xyz learning paths) matches its instructions, but the SKILL.md embeds an undisclosed API/payment key and pricing info that are not declared or explained — this mismatch is suspicious and needs clarification before installing.
Guidance
This skill mostly does what it says (recommends Learn-Anything learning paths), but the SKILL.md contains pricing and a hard-coded API key (SkillPay.me) that are not declared in the metadata. Before installing, ask the publisher: (1) what is that API key for and who owns it; (2) what network endpoints (payment or telemetry) the skill will contact and when; (3) whether the skill will ever request or store your credentials or charge you automatically. If you or your org provided payment keys, do not accept a skill that publishes them in plain text — rotate the key immediately. If the publisher cannot clearly explain the payment flow and why the key is embedded (and provide an alternative such as requiring the integrator to set their own secret via environment variables), treat the skill as untrusted and do not install. Additional information that would raise confidence: explicit declaration of required env vars/primary credential, clear API endpoint URLs for payments, and an explanation of how/when billing occurs.

Review Dimensions

Purpose & Capability
note: Name and description claim to provide learning paths from Learn-Anything.xyz; the SKILL.md content, supported topics, and response examples align with that purpose. However, the inclusion of pricing and a hard-coded API key in the SKILL.md is outside the core purpose of 'helping learn' and is not declared in the skill metadata.
Instruction Scope
concern: SKILL.md is an instruction-only file and does not tell the agent to read local files or request unrelated credentials, which is good. But it explicitly embeds payment instructions and an API key (SkillPay.me API key) in cleartext and does not explain how the key is used, where payments are sent, or whether the agent will contact external payment endpoints — leaving ambiguity about network calls and potential hidden behavior.
Install Mechanism
ok: No install spec and no code files — instruction-only skill. This minimizes installation risk because nothing is written to disk and no external packages are fetched by an automated install step.
Credentials
concern: The skill metadata declares no required environment variables or credentials, yet SKILL.md contains an apparent secret API key (sk_...) and pricing details. A hard-coded key in the instructions is disproportionate and inconsistent with the manifest; it is unclear whose key this is and whether the agent will use it or request additional user credentials.
Persistence & Privilege
ok: The skill does not request 'always: true' and uses default invocation settings. It does not declare any persistence or system-wide configuration changes. Autonomous invocation remains possible (platform default), but there is no elevated privilege requested by the skill itself.