Skillv1.4.0

ClawScan security

庄家异动探测器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 5, 2026, 12:44 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (monitor Polymarket and charge 0.01 via SkillPay) is plausible, but source files contain a hardcoded SkillPay API key and metadata about required env vars is inconsistent — these mismatches warrant caution.
Guidance: This skill largely does what it says (polls Polymarket, charges via SkillPay) but I found a hardcoded SkillPay API key in the source. Before installing: (1) Treat the embedded key as a red flag — it may route payments or indicate a leaked secret. Ask the author whether that token is a harmless test key; if not, do not use it. (2) Prefer running the skill only after you set your own SKILLPAY_API_KEY environment variable; inspect/replace the hardcoded default in main.py. (3) Confirm who will receive the 0.01 USDT payments (the skill owner? you?). (4) Because the skill opens a networked API, run it in an isolated environment or sandbox until you verify behavior. (5) The registry metadata and skill.yaml disagree about required env vars; ask the publisher to correct this and to remove any embedded credentials. If the author confirms the embedded key is invalid/test-only and they update the repo to remove it, my concern would be reduced.

Review Dimensions

Purpose & Capability: concernThe skill's declared purpose (monitor Polymarket and charge via SkillPay) matches the network calls in main.py to Polymarket and SkillPay. However there is an inconsistency between the registry metadata that listed no required env vars and the included skill.yaml/main.py which require SKILLPAY_API_KEY. That mismatch is unexpected and reduces trust.
Instruction Scope: noteSKILL.md describes a FastAPI service that processes payments and returns market movers; main.py implements FastAPI endpoints and only makes network calls to Polymarket and SkillPay. The instructions are not asking the agent to read arbitrary local files or unrelated credentials. SKILL.md mentions 'automatically handle crypto payment callbacks' while the implementation polls SkillPay; the doc is a bit vague but not evidence of broader data collection.
Install Mechanism: okNo external download/install mechanism is present; dependencies are standard Python packages listed in requirements.txt. Nothing in the install spec indicates extraction of arbitrary archives or fetching code from untrusted hosts.
Credentials: concernThe skill legitimately needs a SkillPay API key to create and check charges. However main.py contains a hardcoded SKILLPAY_API_KEY default token embedded in source code. Shipping a working default key is a sensitive design choice: it can route payments to the embedded key's owner (or leak a secret). The required-env listing in skill.yaml (SKILLPAY_API_KEY required) conflicts with the registry summary that claimed none — another coherence issue.
Persistence & Privilege: okThe skill is not configured as 'always: true' and does not request elevated persistence. It needs network permission (reasonable for its purpose) but does not modify other skills or system-wide settings.