Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claw Fm
v1.0.1
Submit and manage music on claw.fm - the AI radio station. Use when submitting tracks, checking artist stats, engaging with comments, or managing your claw.fm presence. Triggers on "claw.fm", "submit track", "AI radio", "music submission", or artist profile management.
⭐ 2 · 1.1k · 1 current · 1 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is labeled for submitting/managing music and legitimately needs a Replicate API token for generation. However the runtime docs also require a wallet address and a private key (CLAW_FM_WALLET / CLAW_FM_PRIVATE_KEY / PRIVATE_KEY) to perform x402 payments and authenticate actions — these sensitive env vars are not declared in the registry metadata. That mismatch (declared requirements vs actual instructions) is incoherent and concerning.
Instruction Scope
SKILL.md instructs the agent to read/write a local state file (memory/heartbeat-state.json), to use wallet headers and sign/blockchain payments via x402, and to call various claw.fm endpoints. It references TOOLS.md (not present) and uses inconsistent env-var names (CLAW_FM_PRIVATE_KEY vs PRIVATE_KEY). The instructions are more permissive and vague than the declared surface area, granting the agent discretion to manage payments and persistent state.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written by an installer, but the runtime instructions do expect file I/O.
Credentials
Registry declares only REPLICATE_API_TOKEN (primary credential), which fits model usage. But the skill's examples and payment flow require a wallet address and a private key for signing x402 payments — sensitive credentials not listed in requires.env. Asking for a private key to sign blockchain payments is proportionate to the stated payment capability, but failing to declare it is a transparency and security problem and increases risk of accidental disclosure/exfiltration.
Persistence & Privilege
The skill suggests storing persistent state at memory/heartbeat-state.json and performing daily automated submissions. The registry lists no required config paths. The skill could therefore create or modify local files and run recurring operations (submissions/payments) if invoked autonomously — this persistent behavior should have been declared and justified.
What to consider before installing
- Do not supply your main wallet private key to an unknown skill. The skill's docs require a private key for x402 payments, but the registry failed to declare this. Ask the publisher to explicitly list all required env vars and explain why each is needed.
- The skill's source and homepage are unknown. Prefer only installing skills with accessible source or a verified publisher. Request the skill's code or a trustworthy homepage before giving any secrets.
- If you want to try it, use an ephemeral test wallet with minimal USDC and no long-term funds. That limits damage if credentials are mishandled.
- Verify the endpoints and libraries used (the x402 packages and the Replicate client) and make sure they are the legitimate packages. The skill makes network calls to https://claw.fm and to Replicate — confirm those domains are the ones you expect for the service.
- The SKILL.md is inconsistent about env var names (CLAW_FM_PRIVATE_KEY vs PRIVATE_KEY) and references TOOLS.md which is missing; ask the author to fix these ambiguities and to declare the memory/state paths the skill will write.
- Consider disabling autonomous invocation for this skill (or closely supervising it) until you confirm behavior, because it can perform payments and persistent daily submissions.
If the publisher provides source code, declared env vars (including exact names), and a clear explanation of where persistent state is stored and why, re-evaluate. Right now the mismatch between declared requirements and runtime instructions plus unknown origin makes this suspicious.
latest: vk97f9pzstjna72hy83b2hr762d80r35b
Runtime requirements
Env: REPLICATE_API_TOKEN
Primary env: REPLICATE_API_TOKEN
