Skill v1.0.0

ClawScan security

Decentralized Agent Cloud · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 12, 2026, 7:57 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description (a JS client for a decentralized agent compute marketplace) is plausible, but the SKILL.md and registry metadata are inconsistent about required tooling and credentials, and the runtime instructions rely on installing an npm package and using an API key that is not declared. This mismatch, and the need to install third-party code at runtime, are worth caution.
Guidance
Before installing or invoking this skill: (1) verify the npm package source on the linked GitHub repo and review its code (especially network calls, telemetry, and file/system access); (2) confirm how the apiKey should be provided and store it securely (prefer platform-managed secret injection rather than pasting keys into code); (3) prefer running the package in a sandboxed/ephemeral environment first (container or VM) to observe behavior; (4) ask the publisher to update registry metadata to declare required tools and explicit credential names (e.g., AGENT_CLOUD_API_KEY) and to provide a cryptographic package checksum or pinned version; (5) be cautious about connecting real cloud storage or high-privilege credentials until you’ve audited the package. The inconsistencies here (missing declared credentials and missing install spec) are the main reasons to treat this skill as suspicious rather than benign.

Review Dimensions

Purpose & Capability
note
The stated purpose (decentralized compute marketplace) matches the SKILL.md content: it expects a Node.js/npm client package and shows usage requiring an apiKey and agentId. However the registry metadata above claimed no required tools/env vars while SKILL.md lists node>=18, npm and an npm package dependency — this inconsistency should be reconciled.
Instruction Scope
concern
The SKILL.md instructs installing and using the openclaw-decentralized-agent-cloud npm package and shows examples that send/receive data from external endpoints (e.g., storage.agent-cloud.io, s3://). The examples use an apiKey but no credential is declared in the metadata. There are no explicit instructions to read local sensitive files, but installing and running a third-party npm package gives it the ability to perform network I/O and access any runtime-provided data. The instructions are broad enough to allow exfiltration if the package or marketplace endpoint is malicious.
Install Mechanism
note
This is an instruction-only skill (no install spec in registry), but the SKILL.md expects npm install openclaw-decentralized-agent-cloud (package on npm with a linked GitHub repo). Installing arbitrary npm packages at runtime is a moderate risk (package code executes locally). The SKILL.md does include a verified_repo URL which is good, but the platform metadata lacks an automated install artifact or checksum to validate the package.
Credentials
concern
The examples require an apiKey and reference resources like s3:// buckets and possibly cloud models (gpt-4). Yet the registry entry declares no required environment variables or primary credential. That omission is problematic: the client will need credentials (API keys, cloud storage credentials, billing) but those are not declared or scoped here. Requiring network-accessible credentials without declaring them is disproportionate and increases risk of accidental credential exposure or misuse.
Persistence & Privilege
ok
The skill does not request always:true, does not declare system config paths, and is instruction-only. Autonomous invocation is allowed by default (normal). There's no evidence in the SKILL.md that it intends to modify other skills or system-wide settings.