Skill v1.0.2

ClawScan security

Social Sentiment Monitor 社媒舆情监控 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 12, 2026, 10:27 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill broadly matches its stated purpose (social sentiment monitoring) but contains inconsistent/deceptive credential handling (a hardcoded billing API key, undeclared required secrets) and unclear billing behavior — exercise caution before installing or running.
Guidance
This skill appears to implement the advertised monitoring functionality, but it has two issues you should resolve before running it:
(1) payment.py includes a hardcoded billing API key. Treat this as a secret leak: do not run the code until that key is rotated/removed and billing is configured via environment variables you control.
(2) The SKILL.md and reference docs expect many API tokens (Twitter/Reddit/LunarCrush, Telegram/Discord webhooks) but the skill metadata does not declare them. Verify which credentials you must supply and avoid providing unrelated high-privilege secrets.
Additional steps to consider: review payment provider endpoints and terms, inspect network calls (e.g., via a sandbox) to confirm no unexpected exfiltration, run the scripts in an isolated environment, and if you plan to pay/use SkillPay, confirm the legitimacy of skillpay.me and rotate any leaked keys. If you are not comfortable with the embedded key or automatic billing checks, do not install or run this skill.
Findings
[hardcoded-secret-in-code] unexpected: payment.py contains a hardcoded BILLING_API_KEY value. A sentiment-monitoring skill might need a billing integration, but embedding a cleartext API key in source is not expected and is poor practice — it grants whoever controls the key access to the billing API and may allow unexpected charges or misuse.
[manifest-env-mismatch] unexpected: _meta.json and SKILL.md reference SKILLPAY_API_KEY / SKILLPAY_USER_ID and many social API env vars, but the skill metadata above declares 'Required env vars: none'. This inconsistency makes it unclear which credentials the skill truly needs and how billing is enforced.

Review Dimensions

Purpose & Capability
concern: The functionality (monitoring Twitter/Reddit, sentiment, KOLs) aligns with the name/description, but the package embeds a SkillPay billing integration with a hardcoded API key in payment.py and _meta.json declares billing envs, yet the skill manifest lists no required environment variables. Billing integration itself is plausible for a paid skill, but the way credentials are handled (hardcoded key, conflicting metadata) is disproportionate and inconsistent with the declared requirements.
Instruction Scope
note: SKILL.md instructs running local scripts (token_sentiment.py, sentiment_daemon.py, etc.) and provides config examples referencing many API tokens (TWITTER_*, REDDIT_*, TELEGRAM_BOT_TOKEN, DISCORD_WEBHOOK_URL). The shipped scripts are mostly simulation/mocked-data generators (no mandatory network calls), but the documentation provides examples using real APIs. The runtime instructions do not explicitly direct the agent to read arbitrary system files beyond a config file, but they do assume and reference secrets that are not declared in the skill manifest.
Install Mechanism
ok: There is no install specification (instruction-only), so nothing will be downloaded or installed automatically by the platform. The risk from the install mechanism is low. Note: the repository includes executable Python scripts which will run if the user executes them locally.
Credentials
concern: The skill manifest claims no required environment variables, but SKILL.md and references clearly expect multiple API keys/tokens (Twitter, Reddit, LunarCrush, Santiment, TELEGRAM_BOT_TOKEN, DISCORD_WEBHOOK_URL). Critically, payment.py contains a long hardcoded BILLING_API_KEY literal (cleartext secret) and _meta.json documents billing env names (SKILLPAY_API_KEY, SKILLPAY_USER_ID). Hardcoding a billing API key in code is a significant red flag (credential mishandling and potential misuse).
Persistence & Privilege
note: The skill is not marked always:true and uses normal autonomous invocation settings (disable-model-invocation: false). It does create/read a config file (config.yaml) and a log file (sentiment_monitor.log) when run. The combination of autonomous invocation (platform default) plus an integrated billing endpoint means the skill could attempt to perform billing checks/charges at start; this increases impact if the embedded billing key or remote billing endpoints are malicious or abused.