Clawhub Oneshot
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is openly designed to let an agent spend wallet-backed funds and take real-world actions like emailing, calling, texting, and buying products, but it does not clearly define approval, spending, or credential boundaries.
Install only if you intentionally want an agent to perform paid real-world actions. Start in test mode, use a dedicated low-balance wallet, avoid raw private keys, pin and inspect the npm/MCP packages, and require manual confirmation before any email, SMS, call, purchase, website update, or production payment.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could send messages, place calls, buy products, or incur charges if the user or agent invokes these tools without careful confirmation.
The skill exposes high-impact tools that can contact third parties, make purchases, and incur automatic payments, but the visible instructions do not define mandatory approval or spending controls.
Send emails, make calls, research, buy products, and more with automatic x402 payments.
Use only with explicit per-action approval, strict spending caps, test mode first, and clear limits on recipients, phone numbers, purchases, and production payments.
Wallet credentials can authorize payment activity, and exposing a raw private key could put funds at risk if mishandled.
The instructions require wallet/API secrets or a raw private key for payment signing, while the provided registry metadata declares no required environment variables or primary credential.
export CDP_API_KEY_ID="your-api-key-id" ... export CDP_API_KEY_SECRET="your-api-key-secret" ... export ONESHOT_WALLET_PRIVATE_KEY="0xYourPrivateKey"
Prefer a dedicated low-balance/test wallet, avoid raw private keys when possible, keep production credentials isolated, and require the skill metadata to declare its credential requirements clearly.
External package code may run in the user's environment and may receive wallet credentials if configured for the MCP server.
The setup relies on external npm packages, including an npx-based MCP server path, but the artifact set provides no lockfile, pinned version, install spec, or reviewed package contents.
npm install @oneshot-agent/sdk ... npm install -g @oneshot-agent/mcp-server ... "args": ["-y", "@oneshot-agent/mcp-server"]
Inspect the npm packages, pin exact versions, install from trusted sources only, and avoid passing production wallet credentials to unreviewed package versions.
Personal contact, profile, shipping, and purchase information may be shared with OneShot tools and downstream service providers during normal use.
The skill documents an MCP/tool-provider integration for actions that may include email addresses, phone numbers, shipping addresses, LinkedIn URLs, and purchase details, but the visible text does not describe data retention or boundary controls.
Use OneShot tools in Claude Desktop, Cursor, OpenClaw, or Claude Code
Share only data needed for a specific task, review the provider's privacy and retention terms, and avoid routing sensitive personal data through the MCP tools unless necessary.
