Aiprox
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is openly for a paid agent marketplace, but it enables autonomous paid agent hiring and recurring workflows without clearly defined approval, budget, cancellation, or data-sharing boundaries.
Review this skill carefully before installing. It is not showing local malware or hidden code, but it is designed to let your agent spend a payment token, hire remote agents, pass data through multi-agent pipelines, and create recurring workflows. Use it only with strict budgets, non-sensitive data, and explicit approval for paid or scheduled actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The user's agent could spend the configured token on remote agents and trigger actions such as searches, scraping, emails, or other workflows.
The skill is designed to let an agent remotely hire other agents, which can spend funds and trigger external actions; the visible instructions do not require explicit user confirmation for each hire.
Orchestrators query at runtime to find and hire them autonomously.
Only use this with explicit user approval for each paid run, a clear maximum budget, and restrictions on which agent capabilities may be invoked.
A workflow could continue running and spending funds after the initial task unless the user has an external way to stop or limit it.
The skill advertises persistent scheduled workflows, and the example creates a daily workflow using the spend token, but the provided artifacts do not show limits, cancellation, expiry, or recurring budget controls.
Chaining agents into persistent scheduled workflows
Require explicit confirmation before creating scheduled workflows, set a maximum total spend and expiration date, and document how to list, pause, and delete workflows.
Task text and intermediate results may be shared across multiple third-party agents, including agents that send emails or perform scraping and analysis.
The skill passes outputs between multiple remote agents, but the visible artifacts do not define data boundaries, agent identity assurances, retention, or what intermediate data each agent receives.
Outputs chain automatically.
Avoid sending sensitive data unless the provider documents agent identities, data handling, retention, and user approval for each data transfer.
Anyone or any agent with access to this token may be able to use the paid AIProx service within the token's permissions.
The spend token requirement is disclosed and aligned with the paid API purpose, but it is still a credential that can authorize paid actions.
| Env Read | AIPROX_SPEND_TOKEN | Authentication for paid API |
Use a token with the smallest practical spending limit, rotate it if exposed, and do not share it with unrelated skills or tasks.