Skill v1.0.0
ClawScan security
Odds Movement Monitor 盘口监控 (Chinese: "odds-board monitoring") · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 4, 2026, 11:19 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's functionality matches an odds-monitoring tool, but it embeds a hard-coded billing API key, its declared environment requirements do not match what the code actually reads, and it calls an external billing service. These inconsistencies are suspicious and warrant caution before installing.
- Guidance: This skill implements the advertised odds-monitoring features, but it embeds a hard-coded SkillPay API key in payment.py and its environment and metadata declarations are inconsistent. Risks:
  1. The embedded billing key is a sensitive secret. If it is valid it can be abused by anyone who reads the source, and a key shipped in published source should be treated as already compromised.
  2. The skill calls an external billing endpoint and attempts to charge users automatically, which SKILL.md does not fully document.
  3. Registry metadata and the skill's own files disagree about which environment variables are required.
  Before installing or running:
  - Do not run this on any machine that holds sensitive credentials, or on production agents, until the author fixes these issues.
  - Ask the author to remove the hard-coded BILLING_API_KEY from source and to require SKILLPAY_API_KEY via environment or config; verify that they rotate the exposed key if it has been published.
  - Request clear documentation of how SKILLPAY_USER_ID is supplied and whether billing calls occur automatically on each invocation.
  - Run the skill in an isolated environment (sandbox or container) and monitor outbound network calls to skillpay.me and api.the-odds-api.com.
  - If you do not trust the billing provider or the author, do not install: you could be charged unexpectedly or expose the embedded key.
  If you want, I can (a) point to the exact lines containing the embedded key and the billing calls, (b) suggest a minimal patch that requires SKILLPAY_API_KEY from the environment, or (c) provide instructions for running the code in a network-restricted sandbox for audit.
Review Dimensions
- Purpose & Capability (concern): The code implements an odds-monitor/analytics tool that legitimately uses an odds API and can send notifications, which matches the description. However, metadata and code disagree about credentials: _meta.json states that SkillPay uses SKILLPAY_API_KEY and SKILLPAY_USER_ID, SKILL.md advertises pay-per-call billing, the registry metadata lists no required environment variables, yet payment.py hard-codes a billing API key in source. Embedding a provider API key in code is unnecessary for the stated purpose and disproportionate.
- Instruction Scope (concern): SKILL.md describes monitoring, data sources, and a top-of-file billing notice, which is consistent with the payment integration. But the runtime code (payment.py) contacts skillpay.me and attempts to charge users automatically (verify_payment / charge_user). SKILL.md does not document how user identity is supplied to billing (payment.py reads the SKILLPAY_USER_ID environment variable but defaults to 'anonymous_user'), nor does it explain the hard-coded billing key. The instructions therefore omit an important and potentially impactful runtime behavior: automatic remote billing calls.
- Install Mechanism (ok): No installer or remote download is used; the skill is delivered as source files plus a requirements.txt (aiohttp, requests). That is lower-risk than arbitrary downloads. No obfuscated installers or remote code pulls were observed.
- Credentials (concern): The code expects ODDS_API_KEY (for the Odds API) and may use SKILLPAY_USER_ID, both of which are appropriate. But the registry metadata claims no required environment variables while _meta.json declares the billing variables, which is inconsistent. Critically, payment.py contains a hard-coded BILLING_API_KEY (a cleartext secret) and uses it to authorize billing calls to skillpay.me. Hard-coding a provider API key in shipped code is disproportionate and exposes a secret that belongs in environment or config, not in source; once shipped in published source it should be assumed compromised.
- Persistence & Privilege (note): The skill does not request always:true and does not modify other skills. However, it is allowed autonomous invocation (the platform default). Combined with its ability to call the billing API and charge users, autonomous execution increases the blast radius: the skill can make network billing requests every time it runs.

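For the sandboxed run the guidance recommends, and for the autonomous-invocation concern in the Persistence & Privilege dimension, an added example (my own code, not the scanner's or the skill's) of an in-process egress monitor that records every outbound connection attempt the Python socket layer makes and refuses anything outside an allowlist. It hooks socket.getaddrinfo, which requests and aiohttp call before connecting to a hostname such as skillpay.me or api.the-odds-api.com, and socket.socket.connect, which catches connections to literal IP addresses that never touch DNS. It is an audit aid to run inside a container whose network is already restricted, not a security boundary on its own; the address 203.0.113.5 is from the TEST-NET-3 documentation range and is used only so the blocked attempt can be shown offline.

```python
import socket
import threading
from typing import Iterable, List, Optional, Tuple

class EgressViolation(ConnectionError):
    """Raised when code under audit tries to reach a destination outside the allowlist."""

class EgressMonitor:
    """Record and gate outbound connection attempts made through the socket module.

    Destinations not in the allowlist raise before any packet leaves the process, so
    a billing call to skillpay.me shows up in `attempts` instead of charging anyone.
    Native extensions or subprocesses bypass these hooks; keep the container-level
    network restriction as well.
    """

    def __init__(self, allow_hosts: Iterable[str] = ()):
        self.allow = set(allow_hosts)
        self.attempts: List[Tuple[str, Optional[int], bool]] = []  # (host, port, allowed)
        self._lock = threading.Lock()
        self._orig_getaddrinfo = socket.getaddrinfo
        self._orig_connect = socket.socket.connect

    def _record(self, host: str, port: Optional[int]) -> None:
        allowed = host in self.allow
        with self._lock:
            self.attempts.append((host, port, allowed))
        if not allowed:
            raise EgressViolation(f"blocked outbound attempt to {host}:{port}")

    def __enter__(self) -> "EgressMonitor":
        monitor = self

        def getaddrinfo(host, port, *args, **kwargs):
            monitor._record(str(host), port if isinstance(port, int) else None)
            return monitor._orig_getaddrinfo(host, port, *args, **kwargs)

        def connect(sock, address):
            if isinstance(address, tuple):  # AF_INET/AF_INET6; AF_UNIX path strings are left alone
                monitor._record(str(address[0]), address[1])
            return monitor._orig_connect(sock, address)

        socket.getaddrinfo = getaddrinfo
        socket.socket.connect = connect
        return self

    def __exit__(self, *exc) -> bool:
        socket.getaddrinfo = self._orig_getaddrinfo
        socket.socket.connect = self._orig_connect
        return False  # never swallow the exception raised inside the block

    def denied(self) -> List[Tuple[str, Optional[int]]]:
        return [(host, port) for host, port, allowed in self.attempts if not allowed]

def attempt_by_name(host: str, port: int, allow: Iterable[str] = ()) -> List[Tuple[str, Optional[int]]]:
    """Constructed scenario: a hostname connection under the monitor; returns what was denied.
    With the host absent from the allowlist the call is stopped at the DNS step, so it runs offline."""
    with EgressMonitor(allow) as mon:
        try:
            socket.create_connection((host, port), timeout=1).close()
        except EgressViolation:
            pass
    return mon.denied()

def attempt_by_ip(ip: str, port: int, allow: Iterable[str] = ()) -> List[Tuple[str, Optional[int]]]:
    """Constructed scenario: a literal-IP connect that skips DNS; caught by the connect hook."""
    with EgressMonitor(allow) as mon:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.connect((ip, port))
        except EgressViolation:
            pass
        finally:
            sock.close()
    return mon.denied()

if __name__ == "__main__":
    print(attempt_by_name("skillpay.me", 443))  # [('skillpay.me', 443)]
    print(attempt_by_ip("203.0.113.5", 443))    # [('203.0.113.5', 443)]
```

To audit the skill itself, wrap its entry point in `with EgressMonitor(["api.the-odds-api.com"]) as mon:` and inspect `mon.attempts` afterwards: every invocation that tries skillpay.me is then both blocked and logged, which directly answers the question of whether billing calls happen automatically on each run. Note that hosts on the allowlist are contacted for real, so run this inside the restricted container rather than on a workstation holding credentials.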