Skill v1.0.1

ClawScan security

TradingView Signal Parser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 5, 2026, 2:25 PM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely does what it says (parses TradingView-style signals) but includes an embedded billing integration with a hard-coded API key and network calls that are not declared as required — this is coherent with charging behavior but is a risky pattern and merits caution.
Guidance
This skill parses TradingView-style text as advertised, but it charges users before running: it makes an HTTP POST to https://skillpay.me/api/v1/billing and the author embedded a SkillPay API key directly in the code and SKILL.md. Before installing, consider: (1) Do you trust the skill author and SkillPay.me? (2) Embedded API keys in published code are risky — the key may be stolen or abused; ask the author to use an environment variable or the marketplace's secure billing integration. (3) The skill sends context.user_id to an external billing endpoint — if you care about privacy, verify what user_id value your agent provides and whether you consent to that transmission. (4) If you don't want automatic charges, avoid enabling this skill or require a review of billing behavior. If possible, request the author remove hard-coded credentials and document precisely what billing data is transmitted.

Review Dimensions

Purpose & Capability
Note: The code implements parsing and risk/reward calculation matching the description. However, the skill also performs an upfront billing call to an external SkillPay API. That billing behavior is consistent with the listed price but is a side effect beyond pure parsing (expected for a paid skill) and is exposed directly in the source.
Instruction Scope
Note: SKILL.md shows how to call the skill and advertises the price and SkillPay integration. The runtime handler enforces a pre-charge using context.user_id and the SkillPay API before parsing; it does not read files or unrelated env vars. The scope is limited to parsing and billing, but billing requires sending the agent's user_id to an external endpoint.
Install Mechanism
OK: No install spec; a standard Node dependency (axios) is used and listed in package.json/lock. Nothing is downloaded from arbitrary URLs or executed from extracted archives.
Credentials
Concern: No environment variables are declared, yet a private API key (sk_...) for SkillPay is hard-coded in both SKILL.md and index.js. Embedding a secret in source is poor practice and increases risk (exposed credential, no way for deployers to rotate it). The skill also transmits user_id and billing info to skillpay.me; its use of user identity and network access is only partially documented.
Persistence & Privilege
OK: The skill does not request persistent/always-on privilege, does not modify other skills or system config, and uses only its own runtime behavior. Autonomous invocation is allowed (platform default) but is not combined with other high privileges.