Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sally AI
v1.0.4
Chat with Sally about metabolic health, blood sugar, A1C, nutrition, fasting, supplements, and lab results. Uses the Sally MCP server on Smithery with x402 m...
by Sally Labs (@sally-labs)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence

Purpose & Capability
Requiring the smithery CLI and an x402 wallet is consistent with the skill's stated micropayment-based design for a paid chat service. Asking the user to register an MCP endpoint with Smithery aligns with that purpose. However, the way the private key is delivered (embedded in the mcp add URL/command) is not a necessary or standard practice for a chat-only skill and raises concerns.
Instruction Scope
SKILL.md explicitly instructs users to include their wallet private key in the smithery mcp add command (as a URL query parameter). That exposes the private key to shell history, process listings, and possibly logs. The README claims 'Clawbot never sees your private key' and that Smithery stores it encrypted, but the instructions grant Smithery full custody of the private key — this is broader scope than a typical chat skill and is a sensitive, high-risk action.
Install Mechanism
Install uses npm formula @smithery/cli@latest to create the smithery binary. Installing a CLI from the npm registry is a common pattern (moderate risk). Using the @latest tag is convenient but less reproducible and could introduce unexpected updates; no obscure download URLs are present.
Credentials
The skill declares no required env vars, yet the runtime instructions require you to hand over a private key to an external service. Requesting a wallet private key (sensitive credential) is disproportionate for a chat skill unless the payment design truly requires key custody. The documentation does not offer safer alternatives (e.g., local signing, hardware wallet, remote signing via OAuth) and exposes the key in command-line form.
Persistence & Privilege
The skill is not always-enabled, requests no config paths, and does not ask to modify other skills. It does rely on a third-party cloud (Smithery) to store keys, but the skill itself does not request elevated persistent platform privileges.
What to consider before installing
This skill’s payment model (Smithery + x402) can be legitimate, but do not paste your wallet private key into a command or URL unless you fully trust Smithery and understand the risks. Command-line/private-key exposure can leak via shell history, process lists, CI logs, or backups. Before installing/use:
(1) Confirm Smithery and the Sally MCP source code (the GitHub repo) are trustworthy and review how Smithery stores and uses keys.
(2) Prefer safer signing options (smithery auth login, hardware wallet, remote signing, or ephemeral wallets) instead of embedding a raw private key.
(3) If you must proceed, create a dedicated hot wallet with minimal funds as the skill advises and pin the smithery CLI to a specific, reviewed version instead of @latest.
(4) Consider testing with an empty/low-value wallet first and monitor chain transactions.
If you are not comfortable with Smithery having custody of a private key, do not install or use this skill.
Runtime requirements
Clawdis
Bins: smithery
Install
Install Smithery CLI (npm)
