ClawVault Payments

Warn: Audited by ClawScan on May 10, 2026.

Overview

The skill is transparent about being a payment tool, but it gives an agent high-impact authority to initiate crypto transfers and card purchases that may auto-approve within configured rules.

Install only if you intentionally want an agent to handle payments through ClawVault. Start with manual approval, small limits, and strict recipient/merchant whitelists; monitor the audit trail and protect the API key and temporary card credentials carefully.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could spend funds or request payment credentials within configured limits without asking the user again at the moment of purchase.

Why it was flagged

The skill's own instructions state that transactions matching the configured rules execute automatically. Because these are real crypto and card payments, the absence of an explicit final confirmation step before money moves is a material, high-impact control concern.

Skill content
Transactions within rules auto-approve; transactions outside rules require human approval via Telegram or dashboard.
Recommendation

Use very tight spending limits, whitelisted recipients and merchants, and manual approval by default; require the agent to dry-run and present transaction details before any payment.
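The recommendation above amounts to a pre-payment gate that the agent host enforces before it ever calls the payment API, independent of whatever rules ClawVault applies on its side. The following is an added example of such a gate, not ClawVault's code and not the skill's; the transaction and policy shapes, the allowlist labels, and the limits are assumptions. Its defaults are the ones the finding asks for: manual approval unless explicitly enabled, per-transaction and daily caps, an allowlist of recipients and merchants, and a dry-run summary attached to every decision so the agent can present the details before anything is sent.

```python
"""Hypothetical client-side payment gate for an agent driving a
ClawVault-style payment skill. Added example: the policy and transaction
formats are assumptions, not ClawVault's API. Default outcome is to hold
for a human; only allowlisted, in-limit payments auto-approve, and only
when the policy opts in."""
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation


@dataclass
class Policy:
    per_tx_limit: str              # decimal strings avoid float rounding on money
    daily_limit: str
    allowed_recipients: frozenset  # crypto addresses and merchant ids you trust
    auto_approve: bool = False     # manual approval unless explicitly turned on


@dataclass
class Ledger:
    spent_today: Decimal = Decimal("0")


@dataclass
class Decision:
    action: str   # "auto_approve" | "needs_human" | "reject"
    reason: str
    summary: str  # the dry-run line the agent shows the user first


def evaluate(tx: dict, policy: Policy, ledger: Ledger) -> Decision:
    """Decide how a proposed payment may proceed. Auto-approves only when
    every check passes and the policy explicitly allows it."""
    try:
        amount = Decimal(str(tx["amount"]))
    except (InvalidOperation, KeyError):
        return Decision("reject", "amount missing or not a number", repr(tx))
    recipient = tx.get("recipient", "")
    summary = (f"{tx.get('kind', '?')} payment of {amount} "
               f"{tx.get('currency', '?')} to {recipient or '<none>'}")
    if amount <= 0:
        return Decision("reject", "amount must be positive", summary)
    if recipient not in policy.allowed_recipients:
        # Unknown counterparty: never auto-send; a human decides or extends the list.
        return Decision("needs_human", "recipient not on the allowlist", summary)
    if amount > Decimal(policy.per_tx_limit):
        return Decision("needs_human", "exceeds per-transaction limit", summary)
    if ledger.spent_today + amount > Decimal(policy.daily_limit):
        return Decision("needs_human", "would exceed daily limit", summary)
    if not policy.auto_approve:
        return Decision("needs_human", "auto-approval disabled (default)", summary)
    return Decision("auto_approve", "within limits and allowlist", summary)


def record_spend(tx: dict, ledger: Ledger) -> Ledger:
    """Call only after a payment was actually sent (auto- or human-approved)."""
    ledger.spent_today += Decimal(str(tx["amount"]))
    return ledger


# Constructed sample policy: tight limits, two known counterparties.
SAMPLE_POLICY = Policy(
    per_tx_limit="25.00",
    daily_limit="40.00",
    allowed_recipients=frozenset({"merchant:example-saas", "addr:allowlisted-wallet"}),
    auto_approve=True,  # opted in for the demo; keep False until the setup is trusted
)

if __name__ == "__main__":
    ledger = Ledger()
    for tx in [
        {"kind": "card", "amount": "19.99", "currency": "USD", "recipient": "merchant:example-saas"},
        {"kind": "crypto", "amount": "21", "currency": "USDC", "recipient": "addr:allowlisted-wallet"},
        {"kind": "crypto", "amount": "5", "currency": "USDC", "recipient": "0xDeadBeef"},
    ]:
        d = evaluate(tx, SAMPLE_POLICY, ledger)
        print(f"{d.action:13} {d.reason:34} {d.summary}")
        if d.action == "auto_approve":
            record_spend(tx, ledger)
```

The gate is deliberately fail-closed: anything it cannot classify as a known, in-limit payment is routed to a human rather than rejected silently, so the approval path through Telegram or the dashboard described in the skill stays the only way an off-policy payment can happen.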

What this means

Anyone, or any agent process, holding this API key can invoke the ClawVault payment functions permitted by the account rules.

Why it was flagged

The skill requires a ClawVault API key to access the payment service. This is expected for the stated purpose, but it is a privileged financial credential.

Skill content
Authorization: Bearer ${CLAWVAULT_API_KEY}
Recommendation

Store the API key securely, use the least-privileged key available, monitor the dashboard/audit trail, and revoke or rotate the key if it may have been exposed.

What this means

Temporary card details could be exposed in transcripts, logs, or downstream tools if the agent mishandles them.

Why it was flagged

The card purchase flow can return temporary Visa card credentials to the agent. The artifact warns not to log or store them, which is appropriate, but users should recognize that sensitive payment credentials enter the agent context.

Skill content
"card_credentials": { "number": "4242837419283847", "exp_month": 3, "exp_year": 2028, "cvc": "847" }
Recommendation

Avoid logging card details, keep chat/tool transcripts private, and only request card credentials when ready to use them immediately at the intended merchant.
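Once the purchase response enters the agent context, the practical control is to scrub it before it is written anywhere persistent. The following added example (not ClawVault's code or the skill's) redacts a tool response of the shape quoted in the finding before it reaches a log or stored transcript: the card number is masked to its last four digits, the CVC is dropped outright, and a fallback regex catches a card number or CVC that leaked into a free-text error message. The key names other than those in the quoted card_credentials object are assumptions.

```python
"""Added example (not ClawVault's code): scrub temporary card credentials
from a payment tool response before it is logged or persisted. The
card_credentials shape mirrors the finding; other field names are assumed."""
import json
import re

# Digit runs of 13-19 characters (typical card number lengths); keep the last four.
PAN_RE = re.compile(r"\b(\d{9,15})(\d{4})\b")
# "cvc 847", "CVV: 1234" and similar inside free text.
CVC_RE = re.compile(r"(?i)\b(cvc|cvv2?)\b(\s*[:=]?\s*)(\d{3,4})\b")
SECRET_KEYS = {"cvc", "cvv", "cvv2", "security_code"}
PAN_KEYS = {"number", "card_number", "pan"}


def mask_pan(pan: str) -> str:
    digits = str(pan)
    return "*" * (len(digits) - 4) + digits[-4:] if len(digits) > 4 else "****"


def redact(value):
    """Recursively copy a decoded JSON value with card secrets removed."""
    if isinstance(value, dict):
        out = {}
        for key, val in value.items():
            k = key.lower()
            if k in SECRET_KEYS:
                out[key] = "[REDACTED]"        # the CVC is never needed after the purchase
            elif k in PAN_KEYS and isinstance(val, (str, int)):
                out[key] = mask_pan(str(val))  # last four is enough to reconcile later
            else:
                out[key] = redact(val)
        return out
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        # Catch numbers that ended up inside free-text fields or error messages.
        scrubbed = PAN_RE.sub(lambda m: "*" * len(m.group(1)) + m.group(2), value)
        return CVC_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", scrubbed)
    return value


def redact_tool_output(raw: str):
    """Return a log-safe version of a tool response: parsed and scrubbed if it
    is JSON, regex-scrubbed if it is plain text."""
    try:
        return redact(json.loads(raw))
    except json.JSONDecodeError:
        return redact(raw)


def log_line(raw: str) -> str:
    """String form for a log sink; never hand the raw response to a logger."""
    out = redact_tool_output(raw)
    return out if isinstance(out, str) else json.dumps(out, sort_keys=True)


# Constructed sample response, matching the card_credentials shape in the finding.
SAMPLE_RESPONSE = json.dumps({
    "status": "issued",
    "merchant": "example-saas",
    "card_credentials": {"number": "4242837419283847", "exp_month": 3,
                         "exp_year": 2028, "cvc": "847"},
})

if __name__ == "__main__":
    print(log_line(SAMPLE_RESPONSE))
    print(log_line("purchase failed for card 4242837419283847 (cvc 847)"))
```

Run the scrubber at the boundary where tool output is recorded (tool-call logging, transcript persistence, anything forwarded to another tool), and keep the unredacted value only in the in-memory step that submits it to the merchant. Scrubbing at the logger is a backstop; the primary control remains requesting the card only when the purchase is about to be made.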