Locus Contractors
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill is clearly about Locus payments and freelance orders, but it gives an agent wallet-spending authority and recurring remote-update/polling instructions that should be reviewed carefully.
Install only if you are comfortable letting an agent interact with a crypto wallet and paid freelance marketplace. Before use, configure strict Locus spending limits and approval thresholds, require human confirmation for every payment or order, keep the API key secret, and avoid automatic remote skill updates or autonomous new-order creation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could spend wallet funds or send funds to the wrong recipient if it is invoked incorrectly, manipulated by bad input, or given too much autonomy.
The skill exposes a workflow for arbitrary USDC transfers and only describes human approval when a configurable threshold is exceeded, so lower-value but still real payments may be performed by the agent/API key.
Transfer USDC to any address on Base ... Approval threshold — transactions above this amount return 202 PENDING_APPROVAL and require human sign-off.
Require explicit human confirmation for every payment and order, verify recipient/amount/request details, and set strict allowance, maximum transaction size, and approval-threshold policies in the Locus dashboard.
Future remote changes to these Markdown files could alter how the agent handles payments or orders without the user noticing through the reviewed artifact set.
The heartbeat routine instructs periodic replacement of local skill instructions from mutable remote URLs without an integrity check or pinned registry version.
If there's a new version, re-fetch the skill files: curl -s https://paywithlocus.com/skill.md > ~/.locus/skills/SKILL.md
Do not auto-update the skill instructions; review changes manually, prefer registry-pinned versions, and require signed/checksummed updates before using them with spending authority.
A background agent routine could repeatedly evaluate tasks and start paid orders without a fresh, explicit user request each time.
The skill asks to add a recurring autonomous routine that can move beyond status polling into initiating new paid freelance orders.
Run this every 30 minutes ... Do You Need to Order Anything? Ask yourself: ... Is there a recurring need ... If yes, follow FIVERR.md to place a new order.
Limit heartbeat behavior to read-only status polling, disable autonomous new-order creation, and require a separate human-approved prompt for each paid order.
Anyone or any agent with this key may be able to spend from the Locus wallet within configured limits.
The skill uses an API key that is expected for Locus, but the artifact itself states that the key represents spending identity for the wallet.
Check for a saved Locus API key at ~/.config/locus/credentials.json or in the LOCUS_API_KEY environment variable ... Your API key is your identity. Leaking it means someone else can spend your wallet.
Store the key securely, avoid sharing it with unrelated tools, rotate it if exposed, and use the narrowest Locus limits available.
Local files may retain order history and deliverable links that could reveal business activity or project details.
The heartbeat flow maintains persistent local order state, including statuses and deliverable references, so users should understand what is retained between runs.
Before polling, load your memory file at ~/.config/locus/memory.json. This tracks the last known state of each order so you can detect what actually changed.
Keep the memory file private, delete it when no longer needed, and avoid storing sensitive deliverable URLs or order details unnecessarily.