Back to skill
Skillv1.0.0
ClawScan security
skill-by-test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 18, 2026, 9:45 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's documentation promises a full sandbox payment-link manager but the included code, declared environment requirements, and metadata do not match each other — the footprint is small and not obviously malicious, but multiple inconsistencies warrant caution.
- Guidance
- This skill appears to be a test/sandbox helper but contains several inconsistencies: the documentation promises many features while the code only implements a single 'one-time' endpoint; SKILL.md lists TEST_API_KEY but the registry doesn't require it and the script doesn't read env vars; the script hardcodes API_KEY and targets http://localhost:4000/v1. Before installing or enabling this skill, ask the author to: (1) clarify the authoritative name and homepage, (2) confirm which environment variables (if any) are required and remove hardcoded keys, (3) provide the real sandbox endpoint(s) and explain why SKILL.md demands HTTPS while code uses localhost HTTP, and (4) supply a complete implementation or reduce the documentation to match the actual capabilities. If you must run it, prefer running in an isolated environment (no sensitive network access) and inspect how the agent will invoke the script and what payloads it may send to localhost.
Review Dimensions
- Purpose & Capability
- concernThe skill description and SKILL.md claim broad payment-link capabilities (one-time, recurring, plans, multi-product, webhooks, etc.), but the shipped script only implements a single 'onetime' POST to /test/onetime. The SKILL.md title ('upload-skill') differs from registry name ('skill-by-test'), and SKILL.md metadata lists TEST_API_KEY even though the registry metadata lists no required env vars. These mismatches indicate the implementation does not match the claimed purpose.
- Instruction Scope
- concernSKILL.md contains detailed runtime rules and security guidance (e.g., 'use HTTPS only', 'never expose API keys'), yet the code uses a local HTTP BASE (http://localhost:4000/v1) and contains a hardcoded API_KEY constant. The instructions require strict validation and many features, but there are no instructions or code to interact with external sandbox APIs beyond the single local endpoint. The SKILL.md also references an env var (TEST_API_KEY) not used by the script.
- Install Mechanism
- okThere is no install spec — this is instruction-only plus a small script. Nothing is downloaded from remote URLs and no installers are invoked. This is the lowest-risk install pattern.
- Credentials
- concernSKILL.md metadata declares TEST_API_KEY, but the registry lists no required env vars and the script does not read environment variables (it uses a hardcoded API_KEY = 'abc'). This inconsistency is disproportionate and unclear: either the skill should require a TEST_API_KEY or the metadata is stale/incorrect. The script does not use any other credentials and communicates to localhost only.
- Persistence & Privilege
- okThe skill does not request elevated or persistent privileges (always: false, no config paths, no credentials). It is user-invocable and can be called autonomously by the agent (default), which is normal. There is no evidence it modifies other skills or system-wide settings.