Skill v1.0.1
ClawScan security
Buymeacoffee Autobot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 2:28 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The instructions require browser automation and handling of login credentials but the manifest declares no dependencies, no required environment variables, and no install steps — several mismatches that could expose your account credentials or cause unexpected behavior.
- Guidance
- This skill asks you to provide your Buy Me a Coffee login (email/password) and to run browser automation, but the package metadata does not declare those sensitive requirements or how credentials will be stored. Before installing or using it: 1) Ask for the skill source code and review it (or refuse unknown authors). 2) Prefer OAuth/official APIs or service-specific tokens over storing raw passwords; never hand your account password to an untrusted skill. 3) Verify how and where credentials are saved (encrypted vault, not plaintext in a config file). 4) Be aware that browser scraping and cross-posting can violate platform Terms of Service and may trigger rate limits or bans. 5) If you still want to try it, run it in an isolated environment (sandbox/VM) and install required dependencies (Python, Selenium, appropriate browser driver) yourself after code review. 6) If the author cannot justify missing manifest fields (required env vars, install steps, homepage/source), treat the skill as untrusted.
Review Dimensions
- Purpose & Capability
- concern: The skill claims to automate Buy Me a Coffee/Ko-fi actions (posting, thanking supporters, scraping earnings, cross-posting). However, the registry metadata declares no credentials or dependencies. The SKILL.md explicitly asks users to save BMC_EMAIL, BMC_PASSWORD and BMC_PAGE_URL and relies on Selenium/browser automation and scraping, which require credentials and drivers. The declared purpose does not justify the omission of those requirements from the manifest.
- Instruction Scope
- concern: Runtime instructions direct browser automation (Selenium), scraping of earnings, sending personalized thank-you messages, and cross-posting to other social platforms. These activities require accessing and storing account credentials and reading/writing scheduling/config files. The instructions are vague about where credentials are stored, how they are protected, and which external accounts or endpoints will be contacted.
- Install Mechanism
- note: This is an instruction-only skill with no install spec, but SKILL.md lists runtime requirements (Python 3, requests, Selenium) and implies use of browser drivers. The lack of an install spec or dependency list is inconsistent and means an implementer must manually install components; that increases risk and user burden.
- Credentials
- concern: The manifest lists no required env vars, yet SKILL.md instructs saving plaintext BMC_EMAIL and BMC_PASSWORD and a page URL. Cross-promotion and affiliate operations would likely need additional social platform credentials. Requesting raw login credentials without declaring them or recommending secure storage is disproportionate and risky.
- Persistence & Privilege
- ok: The manifest's `always` field is false and the skill does not request elevated or system-wide persistence. Model invocation is allowed (the default), which is expected for user-invocable automation skills. There is no evidence it modifies other skills or global agent settings.
