Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawHub Security Scan

v1.1.2

Pre-publish security scan for ClawHub skills - Scans code for patterns that might get flagged as suspicious and gives fixing suggestions.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The code (scan.py, review.py, precheck.py) implements a code scanner and a pre-publish checklist consistent with the skill's stated purpose. However, the scripts include SkillPay billing logic (POSTs to https://skillpay.me and reading SKILLPAY_API_KEY) while the registry metadata declares no required environment variables or primary credential. Charging behavior is mentioned in SKILL.md but the required credential (SKILLPAY_API_KEY) is not declared in the skill manifest — this is an incoherence that affects trust and transparency.
Instruction Scope (flagged)
SKILL.md instructs running the provided scripts and lists a per-call price, which matches the code. But the interactive precheck (precheck.py) will attempt to charge before running and requires a user-id and an API key (or environment variable) to succeed. The SKILL.md does not explicitly document the exact env var name (SKILLPAY_API_KEY) or the full shape of the network POST, which means users may be surprised by a networked billing step tied to an undeclared secret.
Install Mechanism
No install spec is present (instruction-only + shipped scripts). No downloads or archive extraction are performed during install. This is low-risk from an install footprint perspective.
Credentials (flagged)
The scripts read environment variables (os.environ) to obtain SKILLPAY_API_KEY for billing. Requesting a payment API key is proportionate to a paid tool, but the skill metadata does not declare this required env var or primary credential. Also the scanner will by design inspect files and environment-variable usage in user repositories (which is expected for a scanner) — users should understand those file reads happen locally and the script will not (based on visible code) exfiltrate scanned file contents, but it does send billing-related data (user_id, skill_id, amount) to an external endpoint. The undeclared credential + external network call is the main proportionality concern.
Persistence & Privilege
The skill is not forced-always, does not request elevated platform privileges, and does not modify other skills or global agent configuration. Autonomous invocation is enabled (the platform default), but that's not combined here with other broad privileges.
Scan Findings in Context
[OS_ENV_ACCESS] expected: The code reads os.environ to get SKILLPAY_API_KEY for billing; environment access is expected for a tool that needs an API key, but the manifest doesn't declare this requirement.
[EXTERNAL_HTTP_POST_SKILLPAY] expected: The scripts perform POST requests to https://skillpay.me/api/v1 to charge the caller. This aligns with the SKILL.md pricing statement, but users should be informed in the registry metadata and SKILL.md of the exact env var and network behavior.
[SCAN_FILE_IO] expected: scan.py opens and reads repository files to search for suspicious patterns. This is the primary intended behavior of the skill.
[HIGH_ENTROPY_SECRET_DETECTION] expected: The scanner contains logic to detect high-entropy quoted strings (possible hard-coded secrets). This is expected for a pre-publish scanner.
[UNDECLARED_CREDENTIAL_IN_MANIFEST] unexpected: Although code expects SKILLPAY_API_KEY (and accepts an --api-key argument), the registry metadata lists no required environment variables or primary credential. This is a transparency/manifest mismatch.
What to consider before installing
This skill appears to implement the promised pre-publish scanner, but it charges 0.001 USDT per call by calling SkillPay.me and expects a SkillPay API key (SKILLPAY_API_KEY) which is not declared in the registry metadata. Before installing or running:
1) Confirm you trust the payment endpoint (https://skillpay.me) and the skill author.
2) Expect to provide a SKILLPAY_API_KEY (or pass --api-key) and a user-id when running the interactive precheck — the script will attempt to charge that key.
3) If you want to avoid unexpected charges, run scan.py directly (it also exposes a scan mode) and inspect the code locally.
4) Ask the publisher to update the registry manifest to declare required env vars and clearly document billing behavior in SKILL.md.
5) If you audit before running, review the full scripts for any code that might send scanned file contents elsewhere — in the visible code the only external POST is the billing call, but always verify before providing credentials.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/precheck.py:68 — Dynamic code execution detected.
scripts/review.py:42 — Dynamic code execution detected.
scripts/scan.py:69 — Dynamic code execution detected.
