Skill Trust Decision

gta-real-estate-skillpay

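The skill presents itself as a real-estate report generator, but in practice it is only a billing gate. The code contains undeclared outbound network behavior and a hardcoded credential, but no data theft or RCE was found.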

Install decision first
Source: ClawHub
Scanned: Apr 20, 2026
Files 3
Artifacts 2
Violations 2
Findings 3
Most direct threat evidence

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Review
Dependencies and supply chain hygiene

1 dependency or supply-chain issue needs attention.

What drove the risk score up

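Shadow functionality: undeclared network request +20

SKILL.md declares only the exec tool, but run.py actually POSTs a billing request to skillpay.me

Hardcoded credential +10

run.py:6 hardcodes API_KEY in the source code

No actual functionality implemented +8

The code only returns placeholder text; there is no real report-generation logic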

Most important evidence

Medium Doc Mismatch

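Undeclared outbound network transmission

SKILL.md declares only that the exec tool is used to run a Python script and does not disclose that the script sends billing requests to an external API. Lines 11-16 of the code POST data such as user_id and skill_id to skillpay.me, which is shadow functionality.

run.py:11-16
Explicitly declare the network:WRITE permission and the external API call in the allowed-tools or permissions section of SKILL.md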
Medium Supply Chain

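Hardcoded API key

Line 6 of run.py hardcodes the API key in the source code, creating a high risk of leakage through version control.

run.py:6
Switch to the environment variable os.environ.get('SKILLPAY_API_KEY') or parameter injection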
Low Doc Mismatch

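False advertising of functionality

SKILL.md claims to generate GTA real-estate investment financial reports, but run.py only returns the placeholder text "正在为您生成...", with no real report-generation logic.

run.py:43-49
Remove the misleading promotional copy and rename the skill to "billing verification tool", or add a real implementation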

Declared capability vs actual capability

Network Block
Declared NONE
Inferred WRITE
run.py:11-16 external HTTP POST not declared in SKILL.md
Environment Block
Declared NONE
Inferred READ
run.py:37 reads OPENCLAW_SENDER_ID
Shell Pass
Declared EXEC
Inferred READ
SKILL.md requires executing run.py

Suspicious artifacts and egress

High API Key
API_KEY = "14915753668f2e6686dc08cceea917e357f02f4aa8247db9fd567a1ed4b7e33e"

run.py:6

Medium External URL
https://skillpay.me/api/v1/billing/charge

run.py:11

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
requests | * | pip | No | No version pinning

File composition

3 files · 91 lines
Python 1 file · 64 lines
Markdown 1 file · 21 lines
JSON 1 file · 6 lines
Files of concern · 1
run.py Python · 64 lines
Undeclared outbound network transmission · Hardcoded API key · False advertising of functionality · API_KEY = "14915753668f2e6686dc08cceea917e357f02f4aa8247db9fd567a1ed4b7e33e" · https://skillpay.me/api/v1/billing/charge
Other files · SKILL.md · package.json

Security positives

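No credential harvesting found (API_KEY is the skill's own service key, not a system credential)
No RCE or reverse shell found
Exits normally when the balance is insufficient; no data exfiltration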