Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
PayLobster
v4.6.0 · Agent payment infrastructure on Base. Trustless escrow, agent treasury, token swaps, cross-chain bridges, fiat on/off ramp, on-chain identity & reputation, s...
⭐ 4 · 1.4k · 2 current · 2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill claims to be a full payments/escrow/treasury system on Base, which legitimately requires wallets, API keys, and integration credentials; however, the registry metadata lists no required env vars, no primary credential, and no install spec or binaries. The absence of declared credentials and of a homepage or source repository makes the provenance and capability claims inconsistent with what a payments integration would normally require.
Instruction Scope
SKILL.md contains concrete runtime instructions that call external endpoints (paylobster.com), create merchant API keys, perform charges, and show wallet signing flows. These instructions implicitly require handling secrets (sk_live_...), signing with wallets, and authorizing on-chain token transfers. The instructions do not limit or warn about secret handling, and they expose operations that could move funds or reveal rich agent identity data (SIWA profile endpoints that return full profiles).
Install Mechanism
Instruction-only skill with no install spec and no code files — low install-time risk because nothing is written or executed locally by an installer. The main runtime risk is network calls to an external service rather than local code execution from an untrusted download.
Credentials
The SKILL.md shows use of merchant secrets (sk_live_...), onramp/offramp, and wallet operations, but the skill declares no required environment variables or primary credential. That omission is disproportionate: a payment integration should explicitly declare needed credentials and scope. The skill also references Coinbase and third-party integrations without declaring required tokens or config paths.
Persistence & Privilege
The skill does not request always:true, does not install code, and does not declare writing to agent/system config. Autonomous invocation is allowed by default but is not combined here with any declared persistent privilege in the package metadata.
What to consider before installing
This skill interacts with money and agent identity — do not install or give it any secret keys until you verify the provider and provenance. Questions to resolve before proceeding:
(1) Where is the code hosted and who operates paylobster.com?
(2) Ask the publisher to declare required environment variables and the exact flows for key management (who holds sk_live secrets, where are they stored, and is there a sandbox mode?).
(3) Require manual confirmation for any fund-moving actions and test only with small amounts or a sandbox network.
(4) If you plan to let the agent act autonomously, restrict its ability to sign or transmit transactions and require explicit user approval for payments.
If the publisher cannot provide verifiable source, documentation, and a sandbox, treat this skill as higher risk and avoid exposing live secrets or wallets.

Like a lobster shell, security has layers — review code before you run it.
latest · vk97fhxvxhpm926y6hgzfym0s7d83sx56
