Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mcp Server

v0.1.3

Search and buy digital game codes, eShop cards, PSN vouchers from Play-Asia.com via HTTP. Three purchase methods — Wallet (instant), Lightning (instant), Bit...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
- Crypto
- Requires wallet
- Can make purchases
- Can sign transactions
- Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description claim: search and buy digital codes from Play‑Asia. The code and docs implement browsing plus account and purchase operations (wallet buys, order management, CS tickets) that legitimately require a platform token (PA_TOKEN). However the SKILL.md frontmatter and some top-level text state "auth_required: false" and "Does not perform purchases or access user data," which contradicts the rest of the manifest and the included code. This mismatch is significant because it downplays that the skill can act on behalf of an account and spend wallet balance.
Instruction Scope
Runtime instructions and tool definitions clearly include transactional operations (buy_with_wallet, buy_digital_product, get_order, cs/submit) and explain how to pass a PA_TOKEN. The skill tells agents to store order_sid for anonymous BTC orders and gives flows for paying Lightning invoices. It does not instruct reading unrelated host files or arbitrary env vars, but it does guide storing PA_TOKEN in MCP configs — giving any agent running the MCP server access to that token. Also some doc variants (SKILL-mcp.md) recommend using 'npx' while registry metadata lists no required binaries; minor inconsistency but mostly documentation noise.
Install Mechanism
There is no remote download/install URL in the registry entry (instruction-only deployment). Source contains Node.js code and package metadata (package.json, package-lock.json) that would be installed via npm/npx if published; dependencies are standard (esbuild, types, and @modelcontextprotocol/sdk). No suspicious external download URLs or obfuscated installers were found. deploy.sh automates publishing and is straightforward (macOS sed invocation noted).
Credentials
The only required env var is PA_TOKEN (primary credential) and an optional PA_BASE_URL override; this is proportionate for wallet/order features. Important caveats: if PA_TOKEN has "purchase" scope the agent can autonomously spend wallet funds via buy_with_wallet. The docs recommend setting daily/weekly spending limits when generating tokens — you should enforce minimal scopes and limits. Also a minor docs/code mismatch: some docs suggest token can be passed in request bodies or headers interchangeably, but the code uses process.env.PA_TOKEN for authenticated platform calls (it does not take arbitrary token strings from tool input).
Persistence & Privilege
The "always" flag is false, and the skill does not request elevated platform privileges or modify other skills. By default the skill can be invoked autonomously (disable-model-invocation = false), which is the platform default; combined with wallet-purchasing capability this increases the blast radius if you supply a purchase-capable token, but the skill itself requests no unusual persistence.
What to consider before installing
What to check before installing:
- The SKILL frontmatter/documentation is contradictory: it claims "no auth / discovery‑only" yet the code exposes wallet and purchase tools that require PA_TOKEN and can spend funds. Treat the skill as capable of account operations, not read‑only discovery.
- Only provide PA_TOKEN if you trust the skill source. Prefer tokens with the least privilege ("info" scope) for read-only actions; avoid giving "purchase" scope unless you explicitly want the agent to buy things. When generating a token at Play‑Asia, set strict daily/weekly spending limits and keep the token scope minimal.
- If you want browsing/search only, run the tools without setting PA_TOKEN or use the anonymous Lightning/Bitcoin flows (these do not require platform tokens). Anonymous Lightning purchases still require paying invoices and handling preimages locally.
- Verify provenance: the skill metadata lists a homepage at play-asia.com, but the registry owner and source are "unknown". Confirm the repository/publisher and prefer the official Play‑Asia release or an official npm package. PUBLISHING.md notes the npm package is not yet published; beware of impostor packages if/when one appears.
- Review the code if possible: the included source is readable, uses plain HTTP fetch to the documented endpoints, and contains no obvious obfuscation or hidden exfiltration. However, installing/running the package (via npx or npm) will execute code that can call the network and act with any PA_TOKEN you supply.
- Operational advice: store PA_TOKEN in a protected MCP config accessible only to the agent instance you trust, set token scope/limits, and monitor transactions (get_transactions/get_orders) after enabling the skill. If you only need read-only browsing, avoid configuring PA_TOKEN at all.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- src/lib/l402.ts:3: Environment variable access combined with network send.


latest: vk97e2jf769sqr3bdcm0rcq0en984capf


Runtime requirements

Env: PA_TOKEN
Primary env: PA_TOKEN
