Skill v0.3.1
ClawScan security
AgentPay SDK · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 20, 2026, 3:18 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is coherent with its stated purpose (operating the agentpay CLI) but references a one‑click bootstrap (curl | bash) from an unfamiliar domain and suggests installing runtime bundles, which is a disproportionate install risk and worth verifying before use.
- Guidance
- This skill appears to do what it claims (operate the agentpay CLI), but before running any install instructions verify the bootstrap installer. The SKILL.md suggests running: curl -fsSL https://wlfi.sh | bash — avoid piping remote scripts to your shell without review. Prefer obtaining agentpay from a well-known release (GitHub releases, package registry) or inspect wlfi.sh first (curl -fsSL https://wlfi.sh and read it) and prefer the '--skills-only' option if you only want AI adapters. Do not paste any vault passwords or backup passwords into chat; follow the secure‑prompt guidance in SKILL.md and run agentpay admin setup locally. If you need higher confidence, ask the publisher for cryptographic release artifacts or a recognized release URL.
Review Dimensions
- Purpose & Capability
- ok: Name, description, and files all focus on installing and operating the agentpay CLI and local wallet. The required binary 'agentpay' and the included helper scripts (QR generator, funding request) are expected for this purpose.
- Instruction Scope
- note: SKILL.md stays within the agentpay domain and explicitly forbids asking for vault passwords in chat. It references external services relevant to payments (mpp.dev, parallelmpp.dev) and a QR fallback (quickchart.io), which are consistent with funding/payment workflows but are external network calls the operator should expect.
- Install Mechanism
- concern: There is no formal install spec, but SKILL.md recommends a one‑click bootstrap using curl -fsSL https://wlfi.sh | bash. That pattern (curl | bash) means executing code fetched from an external, non-standard host (worldlibertyfinancial.com/wlfi.sh) and is higher risk than a vetted release host (GitHub releases, official package registries).
- Credentials
- ok: The skill requires no credentials or sensitive env vars. Optional workspace env overrides are documented and proportional. The SKILL.md explicitly disallows collecting vault passwords or plugin session material via chat.
- Persistence & Privilege
- ok: The skill is not 'always' and is user-invocable. It does not request elevated platform privileges in metadata. The installer, if run by the user, may install runtime bundles and write files (expected for a CLI/runtime), but the skill itself does not force a persistent/autonomous presence.
