Zinc Universal Checkout
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Zinc checkout skill, but it uses the user's Zinc API key to place real purchases and to schedule order-status checks, so every purchase should require explicit user confirmation.
Install only if you trust the package source and intend to let an agent use your Zinc account. Keep ZINC_API_KEY secure, prefer a dedicated or limited account/key, and require explicit confirmation before any purchase. Treat order lookups as sensitive because they can reveal shipping and tracking details, and keep scheduled status checks limited and cancellable.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could submit an unwanted purchase using the user's Zinc account.
The skill intentionally documents a high-impact API action that can place real purchases. It also includes an explicit user-confirmation instruction, making this disclosed and purpose-aligned rather than suspicious.
**Always confirm with the user** before placing an order (`POST /orders`). This spends real money.
Require explicit confirmation of product URL, quantity, shipping address, retailer account choice, and max_price before any POST /orders request; use an idempotency_key to reduce duplicate-order risk.
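A confirmation gate of the kind this recommendation describes, as an added example (not code from the skill or from Zinc): the agent shows the user the exact parameters, the confirmation token is bound to those parameters, and the `idempotency_key` is derived from them so a retried request for the same confirmed order cannot create a second one. The `POST /orders` path and `Authorization: Bearer` header follow the review's quotes; the field names other than `max_price` and `idempotency_key`, the response shape, and the offline transport stand-in are assumptions for illustration.

```python
import hashlib
import json
from dataclasses import asdict, dataclass
from typing import Optional


@dataclass(frozen=True)
class OrderRequest:
    """Parameters the user must confirm (field names assumed for illustration)."""
    product_url: str
    quantity: int
    shipping_address: str
    retailer_account: str
    max_price: int  # assumed to be in minor currency units (cents)


def idempotency_key(req: OrderRequest) -> str:
    """Deterministic key over the canonical JSON of the confirmed parameters.

    Identical parameters always map to the same key, so a retried or
    duplicated POST /orders for the same confirmed order reuses it.
    """
    canonical = json.dumps(asdict(req), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def confirmation_prompt(req: OrderRequest) -> str:
    """Text the agent shows the user before any purchase."""
    lines = ["This will spend real money. Confirm the order:"]
    for name, value in asdict(req).items():
        lines.append(f"  {name}: {value}")
    lines.append("Reply exactly 'yes' to place it.")
    return "\n".join(lines)


def record_confirmation(req: OrderRequest, user_reply: str) -> Optional[str]:
    """Turn an explicit 'yes' into a token bound to exactly these parameters."""
    if user_reply.strip().lower() != "yes":
        return None
    return idempotency_key(req)


class RecordingTransport:
    """Offline stand-in for an HTTP client (constructed for the example)."""

    def __init__(self) -> None:
        self.sent = []

    def post(self, path: str, headers: dict, body: dict) -> dict:
        self.sent.append({"path": path, "headers": headers, "body": body})
        return {"request_id": f"req-{len(self.sent)}"}  # response shape assumed


def place_order(req: OrderRequest, confirmation_token: Optional[str],
                api_key: Optional[str], transport: RecordingTransport) -> dict:
    """POST /orders only when the token matches the parameters being sent.

    Any drift between what the user saw and what is about to be submitted
    (a changed quantity, address or max_price) invalidates the token.
    """
    if not api_key:
        raise RuntimeError("ZINC_API_KEY is not set")
    if confirmation_token is None or confirmation_token != idempotency_key(req):
        raise PermissionError("parameters differ from what the user confirmed; "
                              "refusing POST /orders")
    body = dict(asdict(req), idempotency_key=confirmation_token)
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json"}
    return transport.post("/orders", headers, body)


if __name__ == "__main__":
    import os
    req = OrderRequest("https://example.com/product/123", 1,
                       "1 Main St, Springfield", "default", 2599)  # constructed
    print(confirmation_prompt(req))
    token = record_confirmation(req, "yes")  # stands in for the user's reply
    print(place_order(req, token, os.environ.get("ZINC_API_KEY", "demo-key"),
                      RecordingTransport()))
```

Because the key is a hash of the parameters, an intentional second purchase of the same item to the same address would be treated as a duplicate; if that is a supported case, mix a per-confirmation nonce into the key and store it with the confirmation.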
Anyone or any agent with access to the key may be able to place orders or view order details through the Zinc API.
The skill requires a bearer token for the user's Zinc account. That token is expected for this integration, but it can authorize order creation and order retrieval.
`ZINC_API_KEY` env var must be set. ... Authorization: Bearer $ZINC_API_KEY
Use a dedicated Zinc key/account with limited funding or controls if possible, store the key securely, and rotate it if it may have been exposed.
The registry metadata gives installers no up-front signal that the skill needs a purchase-capable API key.
The registry metadata does not identify a source/homepage or declare the credential that SKILL.md and README.md require. Because this package is instruction-only, this is a transparency note rather than a concrete unsafe behavior.
Source: unknown; Homepage: none ... Required env vars: none ... Primary credential: none
Verify that the skill comes from the expected Zinc or trusted ClawHub source, and ensure registry metadata is updated to declare ZINC_API_KEY as the required credential.
The agent may continue checking and announcing an order status after the initial request.
The skill asks the agent to create future scheduled turns for order-status polling. This is disclosed and tied to asynchronous order tracking, but it is persistent behavior that should remain scoped.
Schedule a cron job to check the order status ~7 minutes after creation. ... If still pending/in_progress, schedule another check in 5 minutes.
Schedule status checks only after the user agrees, stop at terminal order states, and set a maximum retry or time limit for pending orders.
Order history, shipping address, phone number, and tracking details may be brought into the agent conversation or logs.
The skill appears to use 'safe' to mean non-mutating, but GET responses can still contain personal order and shipping information. Users should not read 'safe' as meaning the access is privacy-neutral.
Reading orders (GET) is always safe. ... Response: order object with `id` (UUID), `status`, `items`, `shipping_address`, `created_at`, `tracking_numbers`, etc.
Treat order reads as sensitive, request only the specific order information needed, and avoid sharing order details into broad or public channels.
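The bounded status polling from the previous finding and the read redaction from this one, combined into one added example (not code from the skill): checks are scheduled only after the user agrees, stop at any non-pending status (terminal or unrecognised), are capped by both a check count and a time budget, can be cancelled, and announce only `id`, `status` and `tracking_numbers`, never `shipping_address` or a phone number. The 7- and 5-minute delays are the skill's; the caps, the status set, and the `GET /orders/{id}` stand-in are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Delays are the skill's; caps and the pending-status set are assumptions.
INITIAL_DELAY_MIN = 7
RETRY_DELAY_MIN = 5
MAX_CHECKS = 6        # hard cap on status checks per order
MAX_TOTAL_MIN = 60    # time budget for an order that stays pending
PENDING_STATES = {"pending", "in_progress"}
# Any other status (delivered, cancelled, failed, or a value we do not
# recognise) ends polling: never keep scheduling on an unexpected state.

# Fields the agent may announce; shipping_address, phone and items stay out.
ANNOUNCEABLE_FIELDS = ("id", "status", "tracking_numbers")


def redact_order(order: Dict) -> Dict:
    """Keep only the fields needed to report progress on an order."""
    return {k: order[k] for k in ANNOUNCEABLE_FIELDS if k in order}


@dataclass
class PollPlan:
    order_id: str
    user_agreed: bool        # scheduling requires the user's consent
    cancelled: bool = False  # the user can stop tracking at any time
    checks_done: int = 0
    elapsed_min: int = 0


def next_delay(plan: PollPlan, order: Dict) -> Optional[int]:
    """Minutes until the next check, or None to stop scheduling."""
    if plan.cancelled or order.get("status") not in PENDING_STATES:
        return None
    if plan.checks_done >= MAX_CHECKS:
        return None
    if plan.elapsed_min + RETRY_DELAY_MIN > MAX_TOTAL_MIN:
        return None
    return RETRY_DELAY_MIN


def track_order(plan: PollPlan,
                fetch_order: Callable[[str], Dict]) -> Tuple[List[Dict], List[int]]:
    """Simulate the scheduled checks; returns (redacted announcements, delays)."""
    announcements: List[Dict] = []
    delays: List[int] = []
    if not plan.user_agreed:
        return announcements, delays
    delay: Optional[int] = INITIAL_DELAY_MIN
    while delay is not None:
        delays.append(delay)
        plan.elapsed_min += delay      # the cron job would fire here
        order = fetch_order(plan.order_id)
        plan.checks_done += 1
        announcements.append(redact_order(order))  # never the raw object
        delay = next_delay(plan, order)
    return announcements, delays


def scripted_fetch(statuses: List[str]) -> Callable[[str], Dict]:
    """Constructed GET /orders/{id} stand-in returning one status per call."""
    it = iter(statuses)

    def fetch(order_id: str) -> Dict:
        return {
            "id": order_id,
            "status": next(it),
            "items": [{"product_id": "example-123", "quantity": 1}],
            "shipping_address": {"first_name": "A", "phone_number": "555-0100"},
            "tracking_numbers": [],
        }
    return fetch


if __name__ == "__main__":
    plan = PollPlan("order-1", user_agreed=True)
    seen, waits = track_order(plan, scripted_fetch(["pending", "in_progress", "delivered"]))
    for wait, report in zip(waits, seen):
        print(f"after {wait} min: {report}")
```

With the constructed status sequence the loop runs three checks at 7, 5 and 5 minutes and stops on `delivered`; an order that never leaves `pending` stops after `MAX_CHECKS` checks rather than polling indefinitely.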
