ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Autonomous Agent Skills

v2.1.1

CornerStone MCP x402 skill for agents. Tools for stock predictions, backtests, bank linking, and agent/borrower scores. Payment-protected MCP tools (run_prediction, run_backtest, link_bank_account, get_agent_reputation_score, get_borrower_score, by-email variants) with x402 flow (Aptos + Base). Skill handles 402 → pay → retry. Wallet attestation for onboarding. For marketplaces where agents download and use skills autonomously.

0· 3.9k·17 current·20 all-time
by@josephrp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (x402 payments, predictions/backtests, bank linking, reputation scores) align with the included code (aptos/evm wallet, x402/mcp client, tools). Required binaries (node/npm) are appropriate. However registry/metadata declares no required env vars or config paths even though SKILL.md and package.json document many expected environment variables (X402_FACILITATOR_URL, HUGGINGFACE_API_KEY/HF_TOKEN, APTOS/EVM wallet paths or private keys, LLM_MODEL, etc.), which is an inconsistency that reduces transparency.
!
Instruction Scope
Runtime instructions and scripts read local wallet files (~/.aptos-agent-wallets.json, ~/.evm-wallets.json) and/or environment private keys (APTOS_PRIVATE_KEY, EVM_PRIVATE_KEY) and sign attestation/payment payloads, call external facilitator endpoints, and perform on-chain actions. Those actions are necessary for the stated payment capability, but the SKILL.md instructs the agent to access secrets and local wallet files that were not declared in the skill metadata and to contact external endpoints (facilitator, arnstein.ch flow page, GitHub raw URLs) — this is scope-expanding and should be explicit to users.
Install Mechanism
There is no install spec provided by the registry (lowest transport risk). The package includes a full Node.js project with package.json/package-lock and many dependencies (LangChain, viem, @aptos-labs packages). Installing would require npm and will pull third-party packages from npm; that's expected for this functionality but the registry metadata not marking required env/config is inconsistent with the code. No remote arbitrary archive downloads were found.
!
Credentials
The skill requires access to sensitive secrets in practice (wallet private keys, HF API keys, facilitator URL, optional GH_TOKEN) to operate, but the registry lists no required env vars or primary credential. The number and sensitivity of these credentials are proportionate to a payments/wallet skill — but they must be disclosed. The metadata omission is a red flag: the skill will access local keys/files and environment variables that a user may not expect to be needed.
Persistence & Privilege
always:false (no forced inclusion). disable-model-invocation:false (normal) — so the skill can be invoked autonomously by the agent. Given the skill can sign on-chain payments and retry MCP calls automatically, autonomous invocation increases blast radius (the agent could initiate payments). This is expected for a payment-capable tool, but users should be aware and restrict keys/funds to testnets or require user confirmation for spends.
What to consider before installing
This skill appears to implement what it claims (Aptos/EVM wallets, x402 payment flow, prediction/backtest/bank-link tools), but pay close attention before installing or supplying secrets: 1) Metadata omits required env vars/config — the code expects X402_FACILITATOR_URL, wallet private keys or wallet files (APTOS_PRIVATE_KEY, EVM_PRIVATE_KEY, APTOS_WALLET_PATH, EVM_WALLET_PATH), HF API keys, etc. 2) The skill reads/writes local wallet files and can sign transactions and submit payments — do NOT provide mainnet private keys or large balances; use testnet keys/funds only. 3) Verify the facilitator URL and repository source (package.json points at a GitHub repo); confirm the code you install matches the upstream repo and that the facilitator service is trustworthy. 4) If you need to allow autonomous agent invocation, restrict its permissions or require explicit user approval for payment actions. 5) If unsure, review the src/ files (attest-*, signPayment, mcp client) yourself or run the skill in a sandboxed/test environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97944er3dpnkhg64fp1j11b0580zhy5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis
Binsnode, npm

Comments