Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Atxp
v1.21.1Agent wallet, identity, and paid tools in one package. Register an agent, fund it via Stripe or USDC, then use the balance for web search, AI image generatio...
⭐ 0· 1.2k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
SKILL.md describes an agent wallet and paid-tools CLI that legitimately needs Node.js/npx, network access to *.atxp.ai, and a sensitive ATXP_CONNECTION token; those requirements are coherent with the described purpose. However, the top-level registry metadata shown to the evaluator lists no required env vars, no required binaries, and no homepage/source, which conflicts with the SKILL.md and reduces trust in the published metadata.
Instruction Scope
The instructions focus on wallet/identity, paid API usage, and handling untrusted content. They explicitly require reading/writing ~/.atxp/config and ~/.atxp/contacts.json and downloading runtime code via npx. The SKILL.md contains sensible guardrails (don't source config, don't exfiltrate credentials) and warns about untrusted external content. There are no instructions to read unrelated system files or to exfiltrate secrets—but the skill will execute remote code, which expands its runtime scope.
Install Mechanism
There is no formal install spec, but SKILL.md instructs runtime code download and execution via `npx atxp@latest` (npm registry). Running npx executes code fetched from the npm registry with no local audit: this is expected for a Node CLI but is higher risk than an instruction-only skill because arbitrary code runs on the host. The npm/github links referenced are appropriate places to verify, but the skill as published lacked that metadata (another inconsistency).
Credentials
SKILL.md requires a single sensitive env var ATXP_CONNECTION (appropriate for a wallet/identity CLI) and stores it in a user config at ~/.atxp/config. That credential request is proportionate to the stated functionality. The published registry metadata shown to the evaluator, however, claimed 'Required env vars: none' which contradicts SKILL.md—this mismatch is suspicious and should be resolved before trusting the skill.
Persistence & Privilege
The skill does write to its own config and contacts files under the user's home (~/.atxp/*) which is expected for a CLI wallet. The skill is not marked always:true and does not request system-wide config changes or other skills' credentials.
What to consider before installing
This skill appears to do what it says (an agent wallet/paid-tool CLI) and legitimately needs a token and Node/npx, but the published metadata you were shown doesn't match the SKILL.md: registry metadata omitted required env vars, binaries, and homepage/source while SKILL.md declares them. Also, the runtime will invoke `npx atxp@latest`, which downloads and runs code from the npm registry — treat that as executing third-party code. Before installing or providing secrets: (1) verify the npm package and GitHub repo listed in SKILL.md (https://www.npmjs.com/package/atxp and https://github.com/atxp-dev/cli) and confirm maintainers/versions; (2) confirm the canonical documentation/domain (docs.atxp.ai) and that ATXP_CONNECTION tokens are legitimate; (3) store the token with least privilege and set ~/.atxp/config to user-only permissions; (4) test in an isolated/sandbox environment if possible; (5) if the registry listing you saw lacks these required fields, ask the publisher or registry operator why metadata differs — that discrepancy is a red flag. If you can't verify provenance and code, don't provide real credentials or funding keys.Like a lobster shell, security has layers — review code before you run it.
latestvk9739r1swymtqtq41tq7a9zvw981xrdb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.