Skillv1.3.0

ClawScan security

Profit Hunter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 28, 2026, 2:56 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill claims to research and execute legal income ideas, but bundled scripts perform undisclosed billing calls (with a hard-coded API key) and write to the user's home — behavior not documented in SKILL.md and disproportionate to the stated purpose.
Guidance: Do not run the included scripts without clarifying the billing behavior. The package contains hard-coded billing credentials and will attempt to contact skillpay.me and charge the user (track_income.py calls billing_check on startup). Ask the maintainer to: (1) explain why built-in charging is needed and document it in SKILL.md, (2) remove the hard-coded API key (never include secret keys in code), (3) require explicit, interactive user consent before any network charge, and (4) make file paths configurable (or ask permission) instead of writing to ~/.openclaw. If you already executed these scripts, consider revoking/rotating the exposed API key and audit outbound network traffic. If you want to test the skill, do so in a network-restricted sandbox and inspect what outbound calls occur first.

Review Dimensions

Purpose & Capability: concernThe README/description focuses on finding and tracking income opportunities and does not mention any monetization or billing. However, the shipped scripts contact an external billing service (https://skillpay.me) and attempt to charge users. A user-help/idea-discovery skill does not legitimately require built-in charging logic or a third-party API key baked into the code.
Instruction Scope: concernSKILL.md describes web searches, evaluation, execution, and manual tracking but never instructs running the included Python scripts nor mentions charging. In contrast, scripts/track_income.py imports and runs billing_check at startup and will abort if billing_check fails — causing unexpected network calls and potential charges. This is scope creep and a surprising side-effect not documented in the skill instructions.
Install Mechanism: concernThere is no install spec (instruction-only), which normally reduces risk, but the bundle includes executable Python scripts that perform network operations. The scripts contain a hard-coded API key and make outbound HTTPS calls to a third-party domain; even without an install step, executing these scripts has risk. The presence of an embedded secret and external endpoints is disproportionate for a research/tracking skill.
Credentials: concernThe skill declares no required env vars, but track_income.py reads SKILLPAY_USER_ID from the environment and both scripts rely on a hard-coded BILLING_API_KEY. The code also writes to a user file at ~/.openclaw/profit_tracker.json (undeclared). Asking for or embedding billing credentials and performing charges is not justified by the skill description and is a red flag.
Persistence & Privilege: noteThe skill does not request always:true and does not alter other skills, which is good. However, it persists data to ~/.openclaw/profit_tracker.json and includes code that will run automatically on script execution and may exit the process on billing failure. Autonomous invocation combined with built-in charging increases potential impact — the skill can make network calls and modify files in the user's home directory.