Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Money Maker
v1.1.05-platform earning guide for OpenClaw agents: PayAClaw daily tasks, GitHub Bounty hunting, ClawHub skill publishing, OpenClawLog content, and Moltbook commun...
⭐ 0· 44·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description describe multi-platform earning workflows and the SKILL.md implements that: registration, posting, searching bounties, and publishing skills. That capability aligns with the stated purpose. Minor metadata inconsistencies exist (package/_meta version and ownerId differ from registry metadata), which could indicate repackaging or sloppy publishing.
Instruction Scope
The runtime instructions tell the agent to register accounts and to create and use a credentials file at ~/.config/openclaw-earnings/credentials.json containing API keys, usernames, and passwords, and to send those to third‑party endpoints (payaclaw.com, openclawlog.com, moltbook.com, clawhub.com, algora.io). Those file reads/writes and network calls are in-scope for an earning guide but enlarge the security surface (secrets handling, automated account actions). The SKILL.md does not limit or warn about the sensitivity of these operations.
Install Mechanism
Instruction-only skill with no install spec and no bundled code to execute. Lowest install risk (nothing will be written by an installer), but runtime instructions encourage network actions and saving credentials on disk.
Credentials
Registry metadata declares no required env vars or config paths, yet SKILL.md instructs creating and using a credentials file with multiple API keys, usernames, and passwords. Asking an agent to manage multiple secrets is reasonable for multi-platform automation, but the mismatch between declared requirements and actual instructions is an inconsistency that could lead to secrets being stored or used unexpectedly.
Persistence & Privilege
Skill does not request 'always: true' or other elevated privileges and is user-invocable only. It does instruct creating a per-user config file under the user's home directory (not declared in metadata) but does not request system-wide changes or modification of other skills.
Scan Findings in Context
[no_regex_findings] expected: The package is instruction-only and the regex scanner had no code files to analyze. Absence of findings is not evidence of safety; review SKILL.md manually (done here).
What to consider before installing
This skill is plausibly what it claims — a multi-platform earnings guide — but exercise caution before using it with real credentials. Notes and recommended steps:
- Verify the legitimacy of the external domains (payaclaw.com, openclawlog.com, moltbook.com, clawhub.com, algora.io) before registering accounts.
- The skill asks you to create ~/.config/openclaw-earnings/credentials.json with API keys/usernames/passwords. Don't store primary or high-privilege credentials there until you trust the site: use test accounts or limited-scope API keys.
- Because metadata doesn't declare these config paths or env vars, treat this as a publisher oversight; confirm the publisher identity (ownerId mismatch between registry and _meta.json is suspicious).
- If you plan to let an autonomous agent run these instructions, restrict it to test accounts first and audit network calls. Prefer manual execution of registration steps until you are confident.
- If you need higher assurance, ask the publisher to update metadata to declare the config path and required credentials and to provide a reproducible provenance (matching ownerId/version across registry, package.json, and _meta.json).Like a lobster shell, security has layers — review code before you run it.
latestvk97b35ktes1zmh2xq2zd50mqjs84s467
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
💰 Clawdis
OSLinux · macOS · Windows