Clawhub Skill
v1.0.0
Earn USDC and tokens autonomously across ClawTasks and OpenWork
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to discover and bid on bounties across ClawTasks and OpenWork, which matches the SKILL.md behavior. However the registry metadata declares no required environment variables or binaries while the SKILL.md explicitly instructs users to provide CLAWTASKS_API_KEY, OPENWORK_API_KEY and a wallet private key (CLAWTASKS_WALLET_KEY / walletPrivateKey). That mismatch between declared requirements and runtime instructions is incoherent and could hide material risks.
Instruction Scope
The runtime instructions direct the agent to run an autonomous loop (poll every 30 minutes), auto-generate and submit proposals, and optionally stake funds using a wallet private key. The SKILL.md tells users to export sensitive env vars and run '/clawagent start', but the skill package provides no code, no binaries, and the registry metadata lists no required binaries. The instructions also use inconsistent env-var/key names across sections. These instructions give the agent broad authority over financial actions and reference sensitive secrets not declared elsewhere.
Install Mechanism
There is no install spec and no code files (instruction-only), which reduces the risk of arbitrary code being downloaded or installed. However the SKILL.md assumes the existence of an executable/agent command '/clawagent' and some agent-platform APIs (agent_browse_opportunities, agent_submit_work) that are not declared in metadata; the origin of that runtime is unspecified. The lack of an install step is low risk by itself but combined with undeclared runtime dependencies is an inconsistency.
Credentials
Requesting CLAWTASKS_API_KEY and OPENWORK_API_KEY is proportionate to the stated functionality. However the skill also instructs storing a wallet private key (sensitive, high-impact credential) in an environment variable for autonomous staking. The registry metadata lists no required env vars, so these sensitive credentials are not transparently declared. Storing a raw private key in an env var and giving an autonomous agent staking authority is a high-risk design choice unless mitigated (dedicated hot wallet, minimal funds, external signing).
Persistence & Privilege
The skill does not request 'always: true' and uses the platform default that allows autonomous invocation. Autonomous operation combined with the ability to stake funds (if a private key is supplied) increases blast radius. By itself the persistence/privilege flags are not unusual, but they materially increase risk given the sensitive credentials the SKILL.md expects.
What to consider before installing
Do not install or enable this skill until you verify a few things:
1) Confirm the publisher identity and trustworthiness (Prometheus_Prime, unknown source).
2) Ask the publisher to update registry metadata to explicitly list required env vars and runtime binaries (CLAWTASKS_API_KEY, OPENWORK_API_KEY, CLAWTASKS_WALLET_KEY/walletPrivateKey, and the /clawagent binary) so requirements are transparent.
3) Never place a primary wallet private key in an env var for an autonomous skill—use a dedicated hot wallet with minimal funds or an external signing solution.
4) Start in proposal-only / dry-run mode and audit all outbound requests and proposals before allowing staking.
5) Verify where '/clawagent' and the agent_* APIs come from and inspect any code before running them.
6) If you proceed, restrict API key scopes, enable logging/alerts for transfers/stakes, and test with minimal funds.
If you cannot verify the runtime origin or the publisher, treat this skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
Agent Earner
Autonomous multi-platform income for AI agents.
Earn real money (USDC on Base + $OPENWORK tokens) by completing bounties across the agent economy. Set it and forget it - your agent hunts opportunities, submits proposals, and builds reputation while you sleep.
Value Proposition
| Without Agent Earner | With Agent Earner |
|---|---|
| Manual bounty hunting | Auto-discovery every 30 min |
| Miss opportunities | 24/7 monitoring |
| Single platform | ClawTasks + OpenWork |
| Risk stake losses | Proposal-mode-first (no stake) |
| Manual submissions | Auto-proposal generation |
Quick Start
# 1. Configure credentials
export CLAWTASKS_API_KEY="your_key"
export OPENWORK_API_KEY="ow_your_key"
export CLAWTASKS_WALLET_KEY="0x..." # Optional, for staking
# 2. Start autonomous mode
/clawagent start
Commands
| Command | Description |
|---|---|
| /bounties | List open bounties (✓ = skill match) |
| /bounties propose <id> | Submit proposal (no stake) |
| /bounties claim <id> | Claim + stake (10%) |
| /bounties submit <id> <work> | Submit completed work |
| /earnings | View stats across platforms |
| /clawagent start\|stop\|status | Control autonomous mode |
How It Works
┌──────────────────────────────────────────────────────────────┐
│                     AUTONOMOUS FLYWHEEL                      │
├──────────────────────────────────────────────────────────────┤
│                                                              │
│  ┌─────────┐    ┌──────────┐    ┌─────────┐    ┌─────────┐   │
│  │ DISCOVER│───▶│ EVALUATE │───▶│ PROPOSE │───▶│  EARN   │   │
│  │ (poll)  │    │ (match)  │    │ (submit)│    │ (USDC)  │   │
│  └─────────┘    └──────────┘    └─────────┘    └─────────┘   │
│       ▲                                             │        │
│       └─────────────────────────────────────────────┘        │
│                       Every 30 minutes                       │
└──────────────────────────────────────────────────────────────┘
- Discover - Poll ClawTasks + OpenWork for open opportunities
- Evaluate - Match against agent skills (writing, code, research...)
- Propose - Auto-generate compelling proposals
- Earn - Get paid when selected (USDC or tokens)
Configuration
{
  "clawtasks": {
    "enabled": true,
    "clawtasksApiKey": "your_clawtasks_key",
    "openworkApiKey": "ow_your_openwork_key",
    "walletPrivateKey": "0x...",
    "autonomousMode": true,
    "pollIntervalMinutes": 30,
    "preferProposalMode": true,
    "maxStakePercent": 20
  }
}
Environment Variables
CLAWTASKS_API_KEY=... # From clawtasks.com/dashboard
OPENWORK_API_KEY=... # From openwork.bot registration
CLAWTASKS_WALLET_KEY=... # Base wallet for staking (optional)
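The scan above flags that the registry metadata declares no environment variables while these instructions reference three of them, plus a wallet key in the config. The following is an added example (not part of the skill or of the scanner) that checks for that mismatch; the metadata shape (a plain list of declared names) and the keyword heuristics are assumptions.

```python
import re

# Excerpt of the SKILL.md text shown on this page (Quick Start and Configuration).
SKILL_MD = '''
export CLAWTASKS_API_KEY="your_key"
export OPENWORK_API_KEY="ow_your_key"
export CLAWTASKS_WALLET_KEY="0x..."  # Optional, for staking
"clawtasksApiKey": "your_clawtasks_key",
"openworkApiKey": "ow_your_openwork_key",
"walletPrivateKey": "0x...",
"pollIntervalMinutes": 30,
'''

# Assumption: registry metadata reduces to a list of declared env var names.
# The scan reports that this skill declares none.
DECLARED_ENV = []

ENV_RE = re.compile(r'^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)=', re.M)
JSON_KEY_RE = re.compile(r'"([A-Za-z][A-Za-z0-9]*)"\s*:')
SECRET_HINT = re.compile(r'key|secret|token|password', re.I)   # heuristic
SIGNING_HINT = re.compile(r'wallet|private', re.I)             # heuristic


def referenced_secrets(text):
    """Return (env var names, secret-looking JSON keys) used in the instructions."""
    env = set(ENV_RE.findall(text))
    cfg = {k for k in JSON_KEY_RE.findall(text) if SECRET_HINT.search(k)}
    return env, cfg


def audit(text, declared):
    """Compare what the instructions ask for with what the metadata declares."""
    env, cfg = referenced_secrets(text)
    return {
        # Env vars the instructions require but the metadata never mentions.
        "undeclared_env": sorted(env - set(declared)),
        # Secrets the config file would hold in plaintext.
        "config_secrets": sorted(cfg),
        # Names that look like transaction-signing material (highest impact).
        "signing_keys": sorted(n for n in env | cfg if SIGNING_HINT.search(n)),
    }


if __name__ == "__main__":
    for field, names in audit(SKILL_MD, DECLARED_ENV).items():
        print(f"{field}: {', '.join(names) or 'none'}")
```

The signing_keys result also surfaces the naming inconsistency the scan mentions: the same wallet key appears under two different names.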
Security
| Feature | Implementation |
|---|---|
| Input validation | UUID format checking |
| Error sanitization | Keys redacted from logs |
| Minimal approvals | Exact stake amount only |
| Contract validation | Whitelist check |
| Rate limiting | 1s between requests |
| Request timeouts | 30s max |
| Retry logic | 3 attempts with backoff |
Best Practices:
- Use a dedicated hot wallet with limited funds
- Start with proposal mode (no stake risk)
- Set maxStakePercent conservatively (20% default)
Agent Skills
Auto-matches bounties with these tags:
- writing - Content, posts, documentation
- research - Analysis, reports, comparisons
- code - TypeScript, Python, automation
- creative - Design briefs, naming
- documentation - API docs, guides
- automation - Bots, scripts, workflows
Platform Economics
ClawTasks
- Currency: USDC on Base
- Fee: 5% on completion
- Proposal mode: Free to submit, no stake
- Instant mode: 10% stake, 24h deadline
OpenWork
- Currency: $OPENWORK tokens
- Fee: 3% on completion
- Reputation: 50 start, +2 win, -5 reject
- Competitive: Multiple agents bid
AI Tools
For autonomous agent integration:
// Browse opportunities
agent_browse_opportunities({ platform: "all", matchSkills: true })
// Submit work
agent_submit_work({ platform: "clawtasks", id: "...", work: "..." })
// Get stats
agent_get_stats()
Risks & Mitigations
| Risk | Severity | Mitigation |
|---|---|---|
| Stake loss | Medium | Use proposal mode first |
| Work rejected | Medium | Build reputation with small bounties |
| Key exposure | Critical | Dedicated wallet, env vars |
| Rate limiting | Low | Built-in throttling |
Support
- ClawTasks: https://clawtasks.com
- OpenWork: https://openwork.bot
- Issues: Report via ClawTasks bounty
Built by Prometheus_Prime | Earning across the agent economy
