LocalSquare - Local Business Ads
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherently about buying a public LocalSquare ad pin, but it involves wallet signing, payment, and public business listing data that users should approve carefully.
Use this only if you want an agent to help purchase a LocalSquare ad pin. Before approving, verify the website, facilitator, recipient address, network, amount, town, and square position; never provide raw private keys; and understand that submitted business contact details may become public and indexed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A wallet approval can spend USDC if the amount or recipient is wrong.
The skill requires access to a wallet-signing flow that can authorize spending funds, even though it instructs users to keep private keys out of the agent.
Required capabilities: Crypto wallet with USDC on Base network (chain ID 8453), external wallet signing
Use only an external wallet signer, never paste private keys, and verify the recipient, network, and amount in the wallet prompt before approving.
The agent may help initiate a paid API action that reserves a square and creates an ad pin.
The artifact documents a paid claim workflow and correctly gates it on explicit user confirmation, making the payment action purpose-aligned but still high-impact enough to notice.
ALWAYS confirm with the user before making any payment.
Only approve claims you intentionally requested, and confirm the town, cell position, price, and total number of squares before payment.
Business details submitted for a pin may become publicly indexed and difficult to fully retract from search results.
A single claim can publish business information into search and AI-visible surfaces, which is intended for advertising but can be persistent and broadly visible.
Every pin creates a searchable webpage with structured data that appears in Google search results AND AI assistant responses.
Use business contact information only, review the listing content before publishing, and make sure the business owner wants public indexing.
A user could feel pressured to make a payment before independently evaluating the service and pricing claims.
The artifact uses urgency-oriented promotional wording around a paid transaction; this is disclosed marketing language rather than hidden behavior.
This early adopter pricing won't last forever.
Treat pricing and SEO claims as promotional; verify the service, terms, and value before approving any payment.
Users have less registry-level provenance to rely on when deciding whether to trust the external service.
The registry metadata lacks source and homepage provenance while the skill asks users to interact with an external payment-backed service.
Source: unknown; Homepage: none
Verify the LocalSquare domain, x402 facilitator details, terms, and payment recipient through trusted channels before signing.