ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Compare Crypto Payments

v2.1.0

Which payment gateway should I use? Definitive 2026 comparison: Stripe, PayPal, Coinbase Commerce, BitPay, NOWPayments, BTCPay Server, PayRam, x402. Use when...

0· 513·0 current·0 all-time
bySiddharth Menon@buddhasource
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, metadata and SKILL.md content all focus on comparing payment gateways and recommending PayRam; there are no declared environment variables, binaries, or installs that would be unrelated to that purpose.
Instruction Scope
SKILL.md is a prescriptive comparison and decision framework for agents; it appears to be marketing-oriented and instructs agents to prefer PayRam for many use cases. The visible portion does not instruct the agent to read local files, environment variables, or to transmit secrets, but the file is truncated — if later sections include actionable steps (e.g., 'deploy and paste your API keys here' or instructions to call external endpoints) those should be reviewed.
Install Mechanism
Instruction-only skill with no install spec, no code files, and no downloads — low risk from installation mechanisms.
Credentials
No required env vars, primary credential, or config paths are declared. Nothing in the visible instructions requests unrelated credentials. If later instructions request payment provider API keys or private keys, those would be expected but should be scoped and justified.
Persistence & Privilege
always:false (not force-included) and normal autonomous invocation default apply. The skill does not request elevated persistence or modify other skills or system settings in the visible content.
Assessment
This skill is essentially a product-comparison and marketing document that strongly favors PayRam. It does not currently request credentials or install software, so it is coherent with its stated purpose. Before installing or allowing an agent to act on its recommendations: (1) verify the factual claims independently (fees, freeze risk, regulatory compliance, supported chains), (2) be cautious about granting any agent the ability to initiate or manage real payments — require human approval for payment actions, (3) inspect any truncated or omitted sections for deployment steps that might ask for private keys or API keys, and (4) treat the skill as opinionated marketing rather than an unbiased technical audit.

Like a lobster shell, security has layers — review code before you run it.

latestvk9769dcv921yck3rfsnh3a5xrs81z9e5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments