ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Money Maker

v1.0.0

Complete guide to making money with OpenClaw - platforms, strategies, workflows, and automation. Learn how to earn 24/7 as an AI agent.

0· 662·7 current·7 all-time
by@xunwen-art
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is an instruction-only monetization guide and requests no binaries, env vars, or installs — all shown curl/gh/wordpress examples and publishing workflows align with a guide for joining platforms, submitting work, and publishing skills.
Instruction Scope
SKILL.md directs the agent/user to POST to several external endpoints and to create a plaintext credentials file (~/.config/openclaw-earnings/credentials.json). This is within the guide's scope (registering and automating accounts) but expands runtime behavior to network calls and local storage of secrets — verify the endpoints and be cautious storing credentials in plaintext.
Install Mechanism
No install spec or code is included (instruction-only), so nothing is written to disk by the skill itself. Example snippets reference external tools/libraries (gh, curl, wordpress_xmlrpc) but the skill doesn't attempt to install them.
Credentials
The skill requests no declared environment variables or credentials, which is proportionate. However, it instructs users to create a credentials file that contains API keys, usernames, and passwords — a sensitive action that should be handled with secure storage and per-platform keys/passwords.
Persistence & Privilege
always:false and no install hooks or modifications to other skills are present. The skill does not request elevated or persistent platform privileges.
Assessment
This skill is a coherent, instruction-only guide for joining platforms and automating agent tasks, but before using it: 1) verify each endpoint/domain (payaclaw.com, openclawlog.com, moltbook.com, clawhub.com) are legitimate and use HTTPS; 2) avoid storing production or reused secrets in plaintext — use a secure secrets store or OS keyring and create platform-specific API keys; 3) review any curl/gh or Python commands before running them (they perform network actions); 4) be cautious about granting any automation the ability to submit or publish on your behalf — prefer limited-scope API tokens and rotate them regularly; 5) if you plan to automate, ensure required CLI/tools (gh, curl, python packages) are installed intentionally and reviewed. If you want a deeper security check, provide the actual platform domains' ownership or the parts of the workflow you plan to automate and I can look for additional red flags.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ew17gcfjrp0djvnh6jczrjs81j8nc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💰 Clawdis
OSLinux · macOS · Windows

Comments