Skill v1.3.0

ClawScan security

Openclaw Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 7, 2026, 9:24 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requirements and behavior broadly match its stated purpose (pay-per-call APIs using a Base wallet), but it asks for a highly sensitive private key and installs a third-party Node package (source not fully verifiable here), so you should verify the SDK and its signing behavior before trusting it with your wallet.
Guidance
This skill is coherent with its purpose but handles a highly sensitive secret (your wallet private key) and installs a third-party Node package to do signing and network calls. Before installing or supplying a private key:
1) Review the claw402-js package source (or vendor) to confirm that signing occurs locally and that the private key is never transmitted.
2) Prefer a burner or limited-fund wallet for testing rather than your main wallet.
3) Test with tiny amounts of USDC on a small transaction or a testnet first.
4) If you cannot audit the SDK, do not provide a key that controls significant funds.
5) Verify the gateway URL and maintainer identity; consider running the SDK code in an isolated environment.
These steps reduce the risk of irreversible fund loss or key exfiltration.

Review Dimensions

Purpose & Capability
ok: The skill claims to perform micropayments from a Base wallet and therefore legitimately needs a WALLET_PRIVATE_KEY for signing transactions; the endpoints described align with a pay-per-call gateway model.
Instruction Scope
note: SKILL.md and scripts/query.mjs show the agent making GET/POST calls to a gateway (default https://claw402.ai) and creating signed payments locally via the SDK. The runtime script also accepts an optional CLAW402_GATEWAY env var (not declared in requires.env). The instructions give the skill broad authority to call many provider endpoints and to POST arbitrary JSON; this is consistent with the advertised capability but increases the blast radius if the SDK or the gateway is malicious.
Install Mechanism
concern: Install is a Node package listed as NoFxAiOS/claw402-js (likely an npm/GitHub package). Pulling and executing a third-party package that handles private keys is moderate-to-high risk unless you can audit the package source or trust the maintainer; no integrity hash or vetted registry attribution is provided in the metadata.
Credentials
concern: Only WALLET_PRIVATE_KEY is required, and it is logically necessary for signing micropayments, but it is an extremely sensitive secret. The SKILL.md asserts 'Private key never transmitted — signs locally only', but that claim cannot be verified from the included files (the SDK code is not present). The script also reads CLAW402_GATEWAY from the environment, which is undeclared in the skill's requires list.
Persistence & Privilege
ok: The skill does not request always:true and has no elevated platform privileges listed. It is user-invocable and can be invoked autonomously by the agent (the default), which is expected for skills.