中文 EN
Start Review
Skill Trust Decision

clawhub-security-scan

A ClawHub security-scanning tool with a hardcoded example credential in review.py that contradicts its own security advice, and undeclared external API calls to skillpay.me for billing.

Install decision first Source: Manual upload Scanned: Apr 3, 2026
Files 5
Artifacts 2
Violations 2
Findings 3
Most direct threat evidence
High
Hardcoded high-entropy string contradicts security advice

review.py line 24 contains api_key = "secretkeyhere123" — a hardcoded credential with Shannon entropy >3.5 that matches the skill's own high-entropy secret detection pattern. The same file's print_best_practices() explicitly warns against this pattern.

scripts/review.py:24

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Block
Hidden execution and egress

1 high-risk artifacts or egress signals were extracted.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe findings.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

Hardcoded high-entropy string in source +20

review.py:24 contains 'api_key = "secretkeyhere123"' — a hardcoded credential that triggers the skill's own HIGH_RISK detection pattern (is_likely_secret entropy>3.5, length≥16). This directly contradicts the skill's documented best practices.

Undeclared external network calls +10

scan.py and precheck.py both POST to https://skillpay.me/api/v1 for billing. This is not declared in SKILL.md's documented capabilities, only mentioned under 'Pricing'. SkillPay API key is read from environment.

Environment variable reading not prominently documented +5

SKILLPAY_API_KEY is read via os.environ.get() for billing. While 'reads env vars' is mentioned in Medium Risk scanning patterns, the tool's own env var dependency is not stated upfront.

Bills users per invocation +5

Both scan.py and precheck.py require --user-id and will attempt to charge 0.001 USDT per call via SkillPay. This cost model is mentioned in Pricing but not in the declared capabilities table.

Most important evidence

High

Hardcoded high-entropy string contradicts security advice

review.py line 24 contains api_key = "secretkeyhere123" — a hardcoded credential with Shannon entropy >3.5 that matches the skill's own high-entropy secret detection pattern. The same file's print_best_practices() explicitly warns against this pattern.

scripts/review.py:24
Remove this line or replace with a clearly commented placeholder: # DEMO ONLY: api_key = "your-key-here" # Never hard-code secrets
Medium

Undeclared external API calls to skillpay.me

Both scan.py and precheck.py POST JSON to https://skillpay.me/api/v1 for billing. This network WRITE behavior is only mentioned under 'Pricing' in SKILL.md, not in the declared capabilities or the usage table.

scripts/scan.py:64
Add skillpay.me to the 'What it scans' section under Medium Risk, or create an 'External APIs' subsection in SKILL.md
Medium

Billing charge on every invocation requires --user-id

Both scan.py and precheck.py require --user-id and will attempt to charge 0.001 USDT via SkillPay on every run. This cost model is not prominent in the command documentation.

scripts/scan.py:156
Document that the skill charges 0.001 USDT per call prominently in the Usage section

Declared capability vs actual capability

Filesystem Pass
Declared READ
Inferred READ
SKILL.md documents reading sensitive files as what the tool scans FOR
Network Block
Declared READ
Inferred WRITE
scan.py:64, precheck.py:36 — POSTs to skillpay.me/api/v1 not declared in SKILL.md capabilities
Environment Block
Declared NONE
Inferred READ
scan.py:72, precheck.py:44 — reads SKILLPAY_API_KEY from os.environ
Shell Pass
Declared NONE
Inferred NONE
No subprocess/shell execution found in codebase

Suspicious artifacts and egress

High API Key
api_key = "secretkeyhere123"

scripts/review.py:24

Medium External URL
https://skillpay.me/api/v1

scripts/precheck.py:24

Dependencies and supply chain

PackageVersionSourceKnown vulnNotes
urllib (stdlib) N/A stdlib No Standard library only, no external package dependencies

File composition

5 files · 851 lines
Python 3 files · 769 linesMarkdown 1 files · 73 linesJSON 1 files · 9 lines
Files of concern · 3
scripts/scan.py Python · 472 lines
Undeclared external API calls to skillpay.me · Billing charge on every invocation requires --user-id
scripts/precheck.py Python · 196 lines
https://skillpay.me/api/v1
scripts/review.py Python · 101 lines
Hardcoded high-entropy string contradicts security advice · api_key = "secretkeyhere123"
Other files · SKILL.md · _meta.json

Security positives

Skill actively detects and warns against the very patterns it exhibits (credential hardcoding, eval/exec, sensitive file access) — shows awareness of security best practices
No subprocess/shell execution found anywhere in the codebase
No sensitive file access (~/.ssh, /etc/passwd, etc.) in the skill's own code
No base64 decode, eval(), or __import__ tricks found
No data exfiltration or credential theft
SKILL.md comprehensively documents what patterns it scans for, reducing user surprise
The skill's core scanning logic (scan.py) is well-structured with clear risk categorization