Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Caravo Service Marketplace

v0.4.22

Caravo is the first service marketplace built for autonomous AI agents — featuring 200+ ready-to-use services across categories: AI Models, Search, Data & An...

1· 913·2 current·2 all-time
by Wanrong He (@azure-vision)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the required pieces: Node + an npm CLI package (@caravo/cli) + a CARAVO_API_KEY credential are all coherent for a marketplace/CLI integration. However the registry summary shows 'Required env vars: none' while the skill declares a primaryEnv of CARAVO_API_KEY, and the registry metadata provides no homepage though SKILL.md references caravo.ai and GitHub. These metadata inconsistencies should be resolved.
Instruction Scope
The runtime instructions require running 'npx -y @caravo/cli@latest start' on first use, and the CLI will auto-generate a local wallet (~/.caravo/wallet.json) and handle micropayments automatically. That goes beyond mere data lookup: the skill can cause financial actions, create and store private keys locally, and proxy calls to many external services (email, SMS, scraping, model inference). Those behaviors are plausible for a marketplace but materially expand the agent's power and risk — the SKILL.md asserts constraints (only touch ~/.caravo) but there is no code included here to verify those claims.
Install Mechanism
Install is via a published Node package (@caravo/cli), which is a common, expected mechanism. npm installs run untrusted code at install and run time; this is a moderate risk but not unusual for a CLI. There is no direct download-from-URL or obscure host, which lowers risk. Because this skill is instruction-only, the npm package is the code that actually executes on first use, so inspect the package and GitHub repo before trusting it.
Credentials
Requiring a CARAVO_API_KEY as the primary credential is reasonable for a marketplace, but the registry metadata's omission of required env vars conflicts with the SKILL.md's primaryEnv. More importantly, the CLI auto-generates and stores a local USDC wallet (wallet.json) which contains private keys used to pay providers; that file is a high-value secret on disk. The skill can therefore trigger spendable actions without provider-specific keys, so the financial blast radius is larger than a simple API key. The skill does not require other provider credentials, which is coherent, but the payment/wallet behavior increases sensitivity.
Persistence & Privilege
always:false (not forced into every agent) and no special system-wide privileges are requested. The skill does create and use files under ~/.caravo/, which is consistent with its stated wallet/config behavior. Note: default agent autonomy (disable-model-invocation:false) combined with the ability to make payments increases potential impact if the agent is allowed to act without human confirmation.
What to consider before installing
This skill is plausible for a service marketplace but take these precautions before installing or enabling it:
- Verify the npm package and GitHub repo: inspect @caravo/cli source code (the SKILL.md points to https://github.com/Caravo-AI/Agent-Skills and caravo.ai) and the package published on npm to confirm it does what it claims.
- Treat the generated ~/.caravo/wallet.json as a sensitive secret: the CLI will create a local wallet and can sign micropayments. Consider funding the wallet with only a small amount for testing.
- Do not expose high-value API keys or production credentials to the skill. Use a dedicated CARAVO_API_KEY for testing and limit agent autonomy for any paid operations (require human approval).
- Because installation runs arbitrary Node code, run the CLI in a controlled environment (container or VM) if you need to audit behavior first.
- Resolve metadata mismatches with the publisher (missing homepage in registry summary, 'required env vars' inconsistency) before trusting automatic install or payments.
If you can't or won't inspect the package/source, treat this skill as potentially risky for financial or data-exfiltration impact and avoid enabling autonomous invocation for paid tasks.

Like a lobster shell, security has layers — review code before you run it.

latestvk97arf11ygpeewhfyxtdrvc83x82ctg0


Runtime requirements

Clawdis
Bins: node
Primary env: CARAVO_API_KEY

Install

Caravo CLI — open-source, MIT licensed
Bins: caravo
npm i -g @caravo/cli
