Skill v1.3.0
ClawScan security
庄家异动探测器 (Market Maker Movement Detector) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 12:34 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it claims (Polymarket monitoring and SkillPay payments), but it ships a hardcoded SkillPay API key in source, its manifests disagree about required credentials, and it contains a runtime bug. These discrepancies should be resolved before use.
- Guidance: Do not install or run this skill until the developer fixes the issues. Specific actions to take:
  1. Treat the embedded SKILLPAY_API_KEY as compromised and do not rely on it. If you control that SkillPay account, rotate or revoke the key immediately.
  2. Require the developer to remove hardcoded secrets, read SKILLPAY_API_KEY from an environment variable or secret manager, and update SKILL.md to document the required env vars.
  3. Fix the runtime bug (undefined API_KEY in the GET /invoke handler) and re-test.
  4. Confirm that the SkillPay account used is owned by the skill author and that you accept paying through it; otherwise configure your own SkillPay credentials.
  5. Review the permissive network/CORS settings and make sure you are comfortable with outbound calls to api.skillpay.me and clob.polymarket.com.
  If you don't trust the author or cannot get these fixes, classify this skill as unsafe to use.
- Findings
  - [hardcoded-api-key-in-source] unexpected: main.py contains a literal SkillPay API key string assigned to SKILLPAY_API_KEY. A payment-integration skill should read this from an environment variable or secret store, not embed it in source. Anyone with the package has the credential, so this is a credential exposure risk.
  - [undefined-variable-runtime-bug] unexpected: The GET /invoke route returns `API_KEY is not None`, but API_KEY is not defined anywhere in main.py, so the handler raises a NameError on every request. This indicates the packaged code is untested or was modified incorrectly after testing.
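The two findings above, reproduced on a constructed sample and caught by a small static check, together with the hardened key loading the guidance asks for and a check for the wildcard CORS settings noted under Instruction Scope. This is an added example, not code from the skill, ClawHub, or SkillPay; SAMPLE_MAIN_PY, the CREDENTIAL_NAME suffix list, the placeholder key value and the attacker.example origin are assumptions made for illustration.

```python
"""Added example, not code from the skill or from ClawHub: a small static check
for a credential-like name assigned a string literal and for a name that is
loaded but never bound, plus the hardened replacement pattern. SAMPLE_MAIN_PY
is constructed to mirror the reported shape of main.py; the key value is a
fake placeholder, not a real SkillPay key."""
import ast
import builtins
import re

# Names that look like credentials. Assumption: this suffix list is enough for
# the skill under review; a real scanner would carry a larger pattern set.
CREDENTIAL_NAME = re.compile(r"(API_KEY|SECRET|TOKEN|PASSWORD)$", re.IGNORECASE)

# Constructed sample (not the real main.py) reproducing both findings.
SAMPLE_MAIN_PY = '''
import os
SKILLPAY_API_KEY = "sk_live_FAKE_PLACEHOLDER_000000000000"
SKILLPAY_URL = "https://api.skillpay.me"

def invoke():
    return {"configured": API_KEY is not None}
'''


def find_hardcoded_secrets(source):
    """Return [(name, line)] for credential-like names assigned a non-empty
    string literal, e.g. SKILLPAY_API_KEY = "...". A value read from
    os.environ is a Subscript or Call, not a Constant, so it is not flagged."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and CREDENTIAL_NAME.search(target.id):
                hits.append((target.id, node.lineno))
    return hits


def find_unbound_names(source):
    """Coarse NameError check: every Name that is loaded somewhere but bound
    nowhere in the module (any scope, any order) and is not a builtin.
    It ignores scoping rules, so it under-reports rather than over-reports."""
    tree = ast.parse(source)
    bound = set(dir(builtins))
    for node in ast.walk(tree):
        if isinstance(node, ast.Name) and isinstance(node.ctx, (ast.Store, ast.Del)):
            bound.add(node.id)
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            bound.add(node.name)
        elif isinstance(node, ast.arg):
            bound.add(node.arg)
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            for alias in node.names:
                bound.add((alias.asname or alias.name).split(".")[0])
    return sorted({(n.id, n.lineno) for n in ast.walk(tree)
                   if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Load)
                   and n.id not in bound})


def load_skillpay_key(environ):
    """Hardened replacement for the literal: read the key from the process
    environment (or a secret manager exposed through the same mapping) and
    fail fast at startup instead of raising NameError on the first request."""
    key = environ.get("SKILLPAY_API_KEY", "").strip()
    if not key:
        raise RuntimeError("SKILLPAY_API_KEY is not set; refusing to start")
    return key


def cors_accepts_any_origin(allow_origins, allow_origin_regex=None):
    """True when the CORS settings would accept an arbitrary foreign origin,
    which is what allow_origins=['*'] or allow_origin_regex='.*' do.
    The probe origin attacker.example is an assumption for the check."""
    if "*" in allow_origins:
        return True
    return bool(allow_origin_regex and re.fullmatch(allow_origin_regex, "https://attacker.example"))


if __name__ == "__main__":
    print("hardcoded secrets:", find_hardcoded_secrets(SAMPLE_MAIN_PY))
    print("unbound names:", find_unbound_names(SAMPLE_MAIN_PY))
    print("permissive CORS:", cors_accepts_any_origin(["*"], ".*"))
```

Run it against the packaged main.py instead of the sample to confirm both findings before and after the developer's fix; the unbound-name check is deliberately coarse (it treats any binding anywhere in the module as sufficient), so a clean result from it is not proof of correctness, but a hit is a real NameError.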
Review Dimensions
- Purpose & Capability
- concern: The code implements Polymarket market fetching and SkillPay payment flows, which aligns with the description. However, the metadata is inconsistent: the top-level registry summary said 'required env vars: none' and SKILL.md omitted credentials, while skill.yaml declares SKILLPAY_API_KEY as required. The embedded SKILLPAY_API_KEY literal in main.py is disproportionate; a runtime env var should be used instead.
- Instruction Scope
- concern: SKILL.md gives only a high-level description and a deployment note, while the actual code performs network calls to Polymarket and SkillPay and implements payment polling and charge creation. The code also enables very permissive CORS (allow_origins=['*'] together with allow_origin_regex='.*'), which lets any web origin call the service from a browser. Additionally, the GET /invoke handler references an undefined API_KEY variable (likely a bug) and will raise a runtime error; this mismatch between the instructions and the actual runtime behavior is concerning.
- Install Mechanism
- ok: There is no install-from-URL behavior; requirements.txt lists standard Python packages (fastapi, uvicorn, requests, pydantic). No archive downloads or unusual install steps are present.
- Credentials
- concern: The skill requires network access and a SkillPay API key (skill.yaml). That is proportionate to payment functionality, but main.py contains a hardcoded SKILLPAY_API_KEY string embedded in the source, which is a secret leak and unacceptable. SKILL.md also did not document the env var requirement, and the registry summary initially claimed none, producing confusing and potentially dangerous expectations for users. If the embedded key is valid, it has already been exposed and should be rotated.
- Persistence & Privilege
- ok: The skill does not request 'always: true' or other elevated platform privileges and does not attempt to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default).
