Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
T54
v1.0.0Credit line service for AI agents to access x402 services without upfront payment. Use when (1) you need to call x402-enabled APIs or services but lack crypt...
⭐ 1· 334·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to provide a credit line for x402 services, which reasonably could require contextual information. However: (a) the registry metadata declares no prerequisites or credentials, yet SKILL.md lists a Node.js SDK and an invite_code requirement; (b) the instructions instruct the agent to read/write files under ~/.openclaw and to auto-save/load an apiToken — access not declared in the skill manifest. This mismatch between declared requirements and actual instructions is unexplained and concerning.
Instruction Scope
The SKILL.md explicitly instructs the SDK/agent to collect 'agent context' and enable tracing, and gives APIs to point at transcriptDirs, promptDirs, workspaceDir and to auto-load credentials from ~/.openclaw/agents/<agent>/agent/clawcredit.json. These locations can contain prompts, model responses, API keys, and private data. While collecting context may be defensible for underwriting, the instructions are broad (continuous monitoring, automatic data collection) and allow access to many sensitive artifacts beyond what the skill manifest declares.
Install Mechanism
The skill is instruction-only (no install spec), but the README instructs users/agents to run `npm install @t54-labs/clawcredit-sdk`. Installing an unvetted npm package introduces typical supply-chain risk. The skill metadata did not declare Node.js as a required binary even though the SKILL.md lists Node as a prerequisite — another mismatch to note. Because the skill doesn't auto-install code, the immediate install risk depends on whether you run that npm command and on the package's provenance.
Credentials
The manifest lists no required env vars or primary credential, yet the SDK behavior described relies on an invite_code and an apiToken persisted to ~/.openclaw/agents/<agent>/agent/clawcredit.json. The instructions also request broad context (traces, transcripts, prompts) that likely include secrets. Requesting access to these local files and saving tokens is disproportionate without explicit, declared justification and stronger controls.
Persistence & Privilege
The skill instructs that API tokens are automatically saved to and loaded from ~/.openclaw/agents/<agent>/agent/clawcredit.json and that the system will 'continuously monitor' the agent during pre-qualification. While persisting a token to its own file is not inherently malicious, the combination of persistent token storage plus continuous, broad monitoring of agent state increases the blast radius if the SDK or publisher is untrusted. The skill does not request always:true, but autonomous invocation plus these persistent behaviors is noteworthy.
What to consider before installing
Before installing or using this skill: (1) Verify the publisher and the npm package (@t54-labs/clawcredit-sdk) — check its npm page, reviews, and source repository; do not install blind. (2) Inspect the SDK source to confirm what local files it reads, what it transmits off-machine, and how it secures stored tokens. (3) Be cautious about granting access to your OpenClaw workspace, transcript, or prompt directories — these can contain API keys, private prompts, and PII. Only give the minimum paths needed and prefer a sandboxed/testing agent first. (4) Confirm the invite_code workflow and identity of the lending service; ensure you are comfortable with its privacy policy and repayment terms. (5) If you cannot audit the SDK, avoid installing it on production agents or any agent with sensitive secrets; prefer manual payments or vetted providers. If you want me to, I can: (A) look up the npm package (if you paste its npm/registry link), or (B) scan the SDK source for exact file-access and network behaviors once you provide it.Like a lobster shell, security has layers — review code before you run it.
latestvk979gnrpmwbspkj2ry09gbeja582z14r
License
MIT-0
Free to use, modify, and redistribute. No attribution required.