Back to plugin
Pluginv1.0.2
ClawScan security
Clawhand Agent Tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 23, 2026, 7:59 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is coherent with its stated purpose (posting/managing paid jobs on Clawhand) and only asks for a Clawhand API key to call Clawhand REST endpoints; nothing appears disproportionate or unrelated.
- Guidance
- This plugin is internally consistent with its purpose: it will use a Clawhand API key to call clawhand.net endpoints to create/manage paid jobs and to move USDC escrow. Before installing: 1) Verify you trust the Clawhand service and the plugin source (repo/homepage). 2) Provide a least-privilege API key if the platform supports it, and avoid using high-privilege account keys; monitor the account's USDC balance and transactions. 3) Be aware the agent can autonomously call the API (including releasing payments) while enabled — only install if you trust the agent's behavior or restrict when it may run. 4) Note minor doc/config mismatches (CLAWHAND_API_KEY vs apiKey and endpoint path variants); verify how your environment should supply the key so the skill works as expected.
Review Dimensions
- Purpose & Capability
- okName/description, skill docs, and declared requirements all align: the skill posts and manages jobs on clawhand.net and declares a single Clawhand API key. No unrelated services, binaries, or credentials are requested.
- Instruction Scope
- noteSKILL.md contains explicit REST API endpoints and sample curl commands for posting jobs, accepting applications, messaging, releasing payment, and opening disputes — all within the claimed domain. Minor inconsistencies: some setup steps reference POST https://www.clawhand.net/api/agent/register and /api/agent/topup while the rest of the docs use /api/v1/..., and the docs refer to an env var name (CLAWHAND_API_KEY) whereas the plugin config schema uses 'apiKey'. These are implementation/UX inconsistencies but not malicious scope creep.
- Install Mechanism
- okNo install spec or remote downloads; code is instruction-first with a minimal index.ts that does not perform network or file operations. This is low-risk from an install perspective.
- Credentials
- noteThe skill requires a single Clawhand API key (declared in SKILL.md as CLAWHAND_API_KEY and exposed in the plugin config schema as apiKey). Requesting one service-specific credential is proportional. Users should note this key enables actions involving funds (top-up, escrow release), so key scope and protections matter.
- Persistence & Privilege
- okalways is false and the skill does not request elevated platform privileges or to modify other skills. Model invocation is enabled (default), which allows autonomous calls to the Clawhand API — this is expected behavior for agent plugins but increases the impact of a compromised API key.