Skillv1.0.7

ClawScan security

alipay-pay-for-402-service · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 20, 2026, 6:13 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requirements and runtime instructions are internally consistent with a CLI-based Alipay 402 payment helper; it installs an npm-scoped package that provides the alipay-bot CLI and the SKILL.md limits scope and IO, but installing and running external payment tooling is inherently sensitive so proceed only if you trust the package source and integrity hash.
Guidance: This skill is coherent for handling HTTP 402 payments via an Alipay CLI, but it will install and execute external npm code and perform networked payment operations. Before installing: verify you trust the package source (check the GitHub/npm pages and publisher identity), ensure the npm integrity hash matches as instructed (installation must stop if it doesn't), get explicit user consent to install and run the CLI, and avoid providing unrelated secrets. During use: follow the filename restrictions, do not persist payment links or QR images to logs, wait for the user to confirm payment before continuing, and confirm any automatic invocation of related skills (e.g., alipay-authenticate-wallet). If you cannot validate the package publisher or integrity, do not install.

Review Dimensions

Purpose & Capability: okThe skill name/description (handle HTTP 402 Payment Required using an Alipay CLI) matches the declared requirements: npm and an alipay-bot binary. The install spec installs @alipay/agent-payment@1.0.0 which provides alipay-bot — this is proportional to the stated purpose.
Instruction Scope: noteSKILL.md is instruction-only and confines actions to: saving a Payment-Needed header to a sanitized filename, running alipay-bot commands (check-wallet, 402-buyer-pay, 402-query-payment-status), relaying CLI output to the user, and waiting for user confirmation. It explicitly forbids reading unrelated files and logging payment links. This stays within the payment flow, but the instructions cause execution of external CLI code and network communication with payment endpoints, which is sensitive and should be accepted only with user consent.
Install Mechanism: noteInstallation is via npm of @alipay/agent-payment@1.0.0 and uses a provided SHA-512 integrity hash. Installing from npm is expected for a CLI package; the presence of a pinned version and an integrity checksum reduces supply-chain risk, but installing external code still carries nontrivial risk and requires trust in the package owner and registry.
Credentials: okNo required environment variables or credentials are declared. The SKILL.md mentions optional environment variables (AIPAY_MODEL, AIPAY_OS, session ids) for diagnostics, which are optional and reasonable for adapting CLI behavior; nothing unrelated to payment is requested.
Persistence & Privilege: okThe skill does install a CLI binary into PATH (via the node package) but does not request always:true or other elevated persistence. It does not request changes to other skills or system-wide config beyond installing the CLI tool, which is consistent with its purpose.