Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ethereum L2 Analytics (Ethereum L2 Analysis)

v1.0.0

A comprehensive analysis tool for the Ethereum Layer 2 ecosystem. Provides in-depth analysis, TVL monitoring, technical comparison, cross-chain bridge analysis and investment-opportunity identification for Ethereum L2 protocols such as Optimism, Arbitrum, Base, zkSync and Starknet. Use it when a user needs to analyze the Ethereum L2 ecosystem, evaluate Rollup projects, monitor L2 fund flows, ...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

Capability signals: Crypto (can make purchases)
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The scripts (l2_ecosystem_monitor.py, project_evaluator.py) and reference docs align with an Ethereum L2 analytics tool. However, repository metadata (_meta.json) and a payment module (payment.py) indicate a paid access flow; SKILL.md does not clearly describe payment requirements or the external payment endpoints, creating a mismatch between declared entrypoint/instructions and the code/metadata.
Instruction Scope (warning)
SKILL.md instructs running local analysis scripts and describing how to query/compare L2s, but it does not mention calling a payment verification API or collecting wallet addresses. The included payment.py will POST user_address and a timestamp to api.skillpay.io if invoked — this external data transfer and potential requirement to pay is not documented in SKILL.md, giving the agent broad discretion if the payment module is invoked by runtime code.
Install Mechanism
No install spec is provided (instruction-only), and there are no third‑party install URLs. This minimizes install-time risk. The package includes Python scripts only and has no installer that would drop arbitrary binaries.
Credentials (warning)
The skill requests no environment variables, yet contains a hard-coded API key ('sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2') present in both _meta.json and payment.py. For a paid skill it's reasonable to integrate a payment service, but embedding a secret in repository files rather than using a configured environment variable is disproportionate and risky. The payment module also transmits a user wallet address and timestamp to a third-party endpoint.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not declare persistent system-wide changes. Scripts write a report file to /tmp, which is normal for a monitoring script. There is no evidence of elevated privileges.
Scan Findings in Context
[hardcoded-api-key] unexpected: A SkillPay API secret is hard-coded in _meta.json and payment.py. While a payment integration may be expected, embedding the API key in repository files is insecure and unexpected — the key should be provided via platform config or an environment variable.
[outbound-network-call] expected: The payment module makes POST requests to https://api.skillpay.io/v1/verify and references https://pay.skillpay.io/ — outbound calls to a payment provider are expected for paid functionality, but SKILL.md does not mention this behavior or what data is sent (user wallet address and timestamp).
What to consider before installing
This skill mostly does what it says (local analysis scripts and reference docs), but there are two red flags you should consider before installing or running it:

1) Hard-coded payment key: The repository contains a SkillPay API key in _meta.json and payment.py. That key is public in the package and could be abused or leaked. Ask the author to remove embedded secrets and use a platform-configured or environment-only API key instead. If you control the platform, rotate any exposed key.

2) Undocumented external calls / payment flow: The payment.py module will POST a user wallet address and timestamp to api.skillpay.io for verification. SKILL.md does not document this requirement or when the verification is invoked. Confirm whether the skill will require payment at runtime, what data will be sent, and whether the platform enforces payment outside the skill.

Practical steps:
- Request the author to (a) remove hard-coded API keys, (b) document the payment flow in SKILL.md, and (c) make payment credentials configurable via environment variables managed by the platform.
- If you must test now, run the skill in an isolated sandbox/container and do not provide real wallet addresses until the payment behavior is clarified.
- Consider auditing or reviewing payment.py and _meta.json with the author, and ask the publisher to rotate the exposed key.

Because these issues are not definitive proof of malicious intent but are non-trivial security/design problems, treat the skill as suspicious until the author fixes them or provides clear operational details.

