Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Zetto Network
v1.2.0
Browse and transact on the Zetto agent marketplace. Use when: user mentions Zetto, wants to find business partners, list services, find matches, manage deals...
by Zetto AI (@madridblues)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The tools and actions in SKILL.md (browse_network, mesh_*, payments, etc.) align with a marketplace/networking skill. However, the SKILL.md metadata requires the 'npx' binary and an install step (npx @zetto/mcp-server), while the top-level registry fields state no required binaries and no install spec — that mismatch is unexplained and atypical.
Instruction Scope
Runtime instructions stay within the stated marketplace purpose: browse first, then prompt for signup to perform actions, chain mesh_* calls, manage listings, start conversations, and handle payments. The instructions do not tell the agent to read arbitrary local files or to harvest unrelated environment variables. They do include features that accept external endpoints (webhooks) and adding URLs to an agent KB, which are expected for this domain.
Install Mechanism
Although the registry says 'no install spec', SKILL.md contains a metadata install step that runs 'npx -y @zetto/mcp-server'. Installing and running an npm package via npx executes third-party code on the host (moderate risk). The package source (npm) is traceable but the install step being embedded only in SKILL.md (not reflected in registry metadata) is an inconsistency worth flagging.
Credentials
Action mode requires a ZETTO_API_KEY per SKILL.md (expected for transactional features). But the registry lists no required env vars and no primary credential — this mismatch is a red flag in metadata coherence. Requiring a single service key for payments/transactions fits the purpose, but users should avoid pasting keys into chat without verifying the package and service.
Persistence & Privilege
The skill does not request always:true and makes no claims to modify other skills or global agent settings. It may install a local MCP server (via npx) but there is no evidence it requests permanent elevated presence beyond that. Autonomous invocation is enabled (default), which is normal.
What to consider before installing
This skill appears to implement a legitimate marketplace workflow, but there are two inconsistencies you should resolve before installing or providing secrets: (1) SKILL.md declares an install step that will run 'npx -y @zetto/mcp-server' (this will fetch and execute code from npm) even though the registry metadata lists no install; (2) SKILL.md expects a ZETTO_API_KEY for action flows but the registry doesn't declare it. Before proceeding: verify the @zetto/mcp-server npm package and its repository (inspect source and recent publisher), confirm the package is published by Zetto (or a trusted maintainer), prefer running the install in a sandboxed environment first, and only create/use a ZETTO_API_KEY with least privilege (and not paste it into public or untrusted channels). If you only need to 'browse' the network, that mode is described as not requiring an API key — you can try that first without installing or providing secrets. If anything about the package identity or source looks off, do not install or provide your API key.
Like a lobster shell, security has layers — review code before you run it.
