Skill v1.0.1
ClawScan security
Ripley Pocket For Monero · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 17, 2026, 5:42 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are coherent with a Monero payment gateway client: it only needs an API key and a base URL and the SKILL.md describes only REST calls for payments and account management.
- Guidance: This skill appears to be what it says — a REST client for a custodial Monero payments gateway. Before installing: only provide an API_KEY you trust the skill to use (prefer a key scoped for the actions you want, or a test key), test with minimal funds, and monitor activity. Consider restricting autonomous invocation (require explicit user confirmation) if you do not want the agent to make payments automatically. Because the skill's source/homepage is unknown, verify the service operator and that you are comfortable entrusting them with custody of funds before moving real value.
Review Dimensions
- Purpose & Capability (ok): Name, description, and declared environment variables (API_KEY, RIPLEY_URL) match a client for a custodial Monero payments API. No unrelated credentials, binaries, or install steps are requested.
- Instruction Scope (ok): SKILL.md contains concrete curl examples and endpoint descriptions limited to registration, balance, payments, swaps, and deposit flows. It does not instruct the agent to read local files or unrelated environment variables. Note: the doc tells the user to 'save the api_key' (it is shown only once), which implies the agent or user will persist a secret — handle storage carefully.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files, so nothing is written to disk or pulled from remote sources by the skill itself.
- Credentials (ok): Only a single primary credential (API_KEY) and an optional RIPLEY_URL are declared — this is proportionate for a REST API client that authenticates via X-API-KEY.
- Persistence & Privilege (note): always:false (normal). The skill permits autonomous invocation (disable-model-invocation:false), which is platform-default; because this skill can initiate payments, giving it an API_KEY allows it to act on funds if invoked autonomously. This is expected for a payments client but is an operational risk to consider.
