Skill v1.0.2

ClawScan security

Opencollab Autolist · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 2:00 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's claimed autonomous capabilities (account creation, posting, bidding, daily pings) are not supported by the provided instructions or declared credentials/files — several mismatches leave open how it would authenticate or run safely.
Guidance
This skill is inconsistent and needs clarification before you install or enable it. Specific actions to take or request from the author:
1) Provide the missing files (scripts/*.py and demand_matrix.json) or remove references to them.
2) Explain exactly how authentication will work and list required environment variables (API keys, wallet/private keys, cookies) — do not supply secrets until this is explicit.
3) Describe the account-registration flow and whether the agent will create accounts on your behalf, and require explicit user confirmation for account creation, posting, or sending money.
4) If you plan to let it run autonomously, limit permissions (read-only where possible) and require manual approval for proposals/payments.
5) Verify the OpenCollab API endpoints and that automated bidding complies with the marketplace terms.
Because the skill is instruction-only and the scanner had no code to analyze, treat it as higher risk until the author supplies concrete code and an explicit, minimal credential model.

Review Dimensions

Purpose & Capability
concern: The SKILL.md claims the agent will register accounts, post listings, bid on jobs, and use a 'MoneyMachine demand matrix' and a set of scripts (scripts/*.py). But the published package contains no code, no demand_matrix.json, and no declared credentials or wallet info. The meta text also says 'Requires Python, requests, Zo Computer' while the registry metadata lists no required binaries. These discrepancies mean the skill cannot reasonably perform the described actions as-is.
Instruction Scope
concern: Runtime instructions tell the agent to register accounts if needed, use or find authentication, post proposals, and run daily autonomous activity. They instruct 'use web search to find current API endpoints and authentication method' and reference files that do not exist. This is open-ended and grants broad discretion (create accounts, find auth methods) without limiting what data the agent may read or require — a scope creep risk.
Install Mechanism
note: There is no install spec (instruction-only), so nothing is written to disk by an installer — lower install risk. However, the SKILL.md references Python and specific scripts that are not provided, so the lack of an install step may be an omission rather than a deliberate minimal surface.
Credentials
concern: The skill's functionality (registering accounts, posting listings, handling USDC payments) would normally require credentials, API tokens, and likely wallet/private key access, yet the requires.env and primary credential fields are empty. The instructions saying 'use existing credentials' are vague and do not declare which secrets would be used, where they'd be stored, or how they'd be provided — disproportionate and unclear.
Persistence & Privilege
note: The 'always' field is false (good). The skill explicitly describes autonomous daily checks and bidding, which rely on normal autonomous invocation; autonomous invocation itself is platform-default and not flagged alone. Still, combined with missing authentication controls and unscoped instructions to create accounts and bid, there is added operational risk if the agent is allowed to act without manual confirmation.