Skill v1.1.0
ClawScan security
Claw Loudyai Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 7, 2026, 10:09 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, env requirements, and instructions are consistent with a Loudy.ai automation tool that only talks to the Loudy.ai API; no obvious exfiltration or unrelated credential requests were found, though there are minor inconsistencies and installation notes to review before installing.
- Guidance: This skill appears to do what it says (call Loudy.ai APIs to list pools, submit links, and check status). Before installing:
  1. Verify and set LOUDY_API_KEY only in the environment (do not paste it into shared files).
  2. Inspect the included scripts locally rather than running the remotely piped install command (avoid 'curl ... | bash'); run install.sh from the local copy or clone the repo manually.
  3. Note the environment-variable name inconsistencies (OPENCLAW_WORKSPACE vs OPENCLAW_SKILLS_DIR vs OPENCLAW_SKILL_DIR) and confirm which one you will set.
  4. Installing to /usr/lib/... or adding the cron line requires elevated privileges; review the cron line before adding it.
  5. The skill suggests optionally installing a third-party 'binance' skill; that is a separate dependency and increases risk, so only install trusted external skills.
  6. If you want tighter control, run the scripts manually or under a limited account instead of enabling automatic cron jobs.
  If you want me to, I can list the exact env vars and lines to run to install safely or produce a checklist to audit the repo before running any installer.
Review Dimensions
- Purpose & Capability (ok): Name and description match the actual behavior: the scripts only call loudy.ai endpoints to list pools, submit links, and check task/payment status. The single declared secret (LOUDY_API_KEY) is appropriate for this purpose.
- Instruction Scope (concern): Runtime instructions and scripts read/write files in the workspace (loudy_tasks.json, loudy_has_new.txt) and optionally configure a cron job. These are reasonable for periodic checks, but the SKILL.md, scripts, and install script use inconsistent environment variable names (OPENCLAW_WORKSPACE vs OPENCLAW_SKILLS_DIR vs OPENCLAW_SKILL_DIR). The SKILL.md also references optional HEARTBEAT.md behavior and recommends installing an external Binance skill (a separate dependency); these are allowed but increase scope and require user attention.
- Install Mechanism (note): No centralized install spec, but an install.sh is provided which clones a GitHub repo and sets permissions. The install.sh header suggests the common but risky 'curl | bash' pattern (downloading and piping a remote script). The repository and scripts are included in the package, so users can avoid piping from the network and inspect the code before running it. Installation writes to system paths (/usr/lib/node_modules/...) and may require root.
- Credentials (note): Only LOUDY_API_KEY is required for operation, which is proportionate to the skill's purpose. However, the metadata shows a glitch (required env vars are displayed as '[object Object]'), and several optional env vars are referenced but not consistently declared (OPENCLAW_WORKSPACE is documented, but OPENCLAW_SKILLS_DIR / OPENCLAW_SKILL_DIR appear in scripts/install.sh/cron_check.sh). This inconsistency can cause misconfiguration if not reviewed.
- Persistence & Privilege (ok): The skill is not marked 'always: true' and does not request elevated platform privileges. Optional cron installation will create periodic checks, and the installer may need root to write under /usr/lib; these are normal for an installed skill but require the user's consent. The skill does not modify other skills' configs.
