ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

showmethemoney skill

v1.0.0

Paid demo skill for StablePay on Solana using USDC. Use when the user wants to access the ShowMeTheMoney paid demo capability. This skill is publicly listed...

0· 57·0 current·0 all-time
by@bubblevan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description says this is a StablePay/ Solana paid demo, but the Execute endpoint is hosted on an unrelated domain (https://wenfu.cc/showmethemoney) while the verify URL points to api.stablepay.co. The skill also contains a placeholder merchant DID (did:solana:REPLACE_WITH_YOUR_SKILL_DID), indicating incomplete configuration. It's unclear why an unrelated domain is used to perform the paid operation instead of StablePay's domain.
!
Instruction Scope
Runtime instructions tell the agent to 'call the Execute endpoint' but do not specify request payloads, headers, or what context to include. That vagueness gives the agent broad discretion and could result in sending sensitive user or agent data to the external endpoint. The instructions rely on 'let the StablePay plugin handle the payment flow' but do not declare how that plugin is available or authenticated.
Install Mechanism
Instruction-only skill with no install spec, no code files, and no binaries. No files will be written to disk by an install step, which minimizes installation risk.
Credentials
The skill requests no environment variables or credentials, which is appropriate at first glance. However, the verify URL expects an {AGENT_DID} placeholder (not declared), and the merchant DID must be replaced. The lack of declared required credentials or explicit data handling makes it unclear what platform-provided identifiers or secrets the skill will use or expose.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modifications to other skills. Autonomous invocation is allowed (platform default) but that alone is not a red flag; combined with the other concerns it means the skill could autonomously send data to the third-party endpoint.
What to consider before installing
This skill is suspicious because it directs the agent to contact a third-party domain (wenfu.cc) for the paid Execute action while claiming StablePay enforcement. Before installing: 1) Ask the publisher to explain why the Execute endpoint uses wenfu.cc and supply a verified publisher/homepage. 2) Request exact request/response schemas (what fields are sent, headers used, and whether conversation/context or PII is included). 3) Require that the merchant DID be provided (not left as a placeholder) and that verification use only api.stablepay.co (or an explicitly documented StablePay integration). 4) If you consider installing, prefer allowing only user-invoked runs (disable autonomous invocation) and/or review network calls through a proxy so you can inspect outbound payloads. If you cannot get these clarifications and assurances, do not install or enable automatic invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dx35werbxxj1kbtjpb1dbth83rv03

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments