Skill v1.0.0

ClawScan security

Kaspi Autopay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 14, 2026, 11:00 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill claims to automate Kaspi Pay receipt verification and instant delivery but provides only marketing-style instructions and no operational details, credentials, or install steps — the requirements don't match the stated purpose.
Guidance
This skill reads like a marketing listing, not an actionable integration. Before installing or relying on it:

1) Ask the developer for concrete technical docs or the integration code (repo, sample) showing how Kaspi receipts are verified and how secrets are used/stored.
2) Demand clarity on required credentials (Telegram BOT_TOKEN, Kaspi API/merchant credentials, DB) and where those secrets will be stored (avoid giving long-lived keys without review).
3) Verify the developer identity (contact history, GitHub profile, references) and ask for a security/privacy policy; payment flows handle sensitive data.
4) If you must test, do so in a sandbox with throwaway accounts and least-privilege credentials.
5) If you need automated verification, prefer integrations with documented APIs or open-source code you can audit rather than a closed 'proprietary' black box.

Review Dimensions

Purpose & Capability
Concern: The skill advertises an automated payment-verification integration for Kaspi Pay and Telegram bots, but declares no credentials, no webhooks, no Telegram BOT_TOKEN, and no Kaspi API keys, all of which would normally be required. That mismatch (payment automation but no declared access requirements) is incoherent.
Instruction Scope
Concern: SKILL.md is high-level marketing and contains no concrete runtime instructions, commands, or file/variable access. It asserts a 'proprietary verification method' but does not describe how verification is performed, what data is needed, or how secrets are handled. The instructions are vague and direct the user to contact the developer rather than providing an implementable integration guide.
Install Mechanism
OK: There is no install spec and no code files (instruction-only). That minimizes direct install risk because nothing is downloaded or written by the skill itself.
Credentials
Concern: For a payment/Telegram integration one would expect required env vars (Telegram BOT_TOKEN, Kaspi credentials, DB connection string) and possibly webhook config. The skill lists none: either it's incomplete (missing required secrets) or it implicitly expects out-of-band handling by the developer. The absence of declared credential requirements is disproportionate to the claimed functionality.
Persistence & Privilege
OK: The skill does not request always:true, does not modify other skills, and is user-invocable. There are no indications it requires persistent elevated privileges in the agent environment.