Back to skill
Skillv1.0.0
ClawScan security
NowPayments Integration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewApr 14, 2026, 6:52 AM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's purpose (NowPayments integration) is plausible, but the runtime instructions ask the agent to create and store secret credentials and endpoints while the package/registry metadata does not declare any required credentials or source — that mismatch and missing provenance are concerning.
- Guidance
- This skill appears to be a legitimate NowPayments integration, but several things don’t add up: the SKILL.md tells the agent to create a .env with NOWPAYMENTS_API_KEY and NOWPAYMENTS_IPN_SECRET yet the skill metadata declares no required credentials or source repo. Before installing: (1) ask the publisher for the source code or a trusted repository URL and verify the code that will handle webhooks and secrets; (2) do NOT provide real API keys until you’ve reviewed how/where they are stored — prefer secrets managers or environment injection on the host rather than plain .env in a public repo; (3) ensure IPN endpoints run over HTTPS, verify the IPN signature verification implementation, and test in a staging environment; (4) request clearer, less open-ended instructions (exact file paths, storage recommendations, and input validation) and audit the generated code for exfiltration (network calls, logging of secrets); (5) if you cannot verify the author/source, avoid giving real credentials and run the integration only in isolated/staging infrastructure.
Review Dimensions
- Purpose & Capability
- concernThe SKILL.md describes a legitimate NowPayments integration which legitimately requires a NOWPAYMENTS_API_KEY and NOWPAYMENTS_IPN_SECRET, but the registry metadata lists no required environment variables or primary credential. That mismatch between what the skill will actually need (secrets, webhook handling) and what it declares in metadata is incoherent and makes it harder to reason about privilege and trust.
- Instruction Scope
- noteThe instructions are focused on building checkout and IPN endpoints, creating a .env with secrets, wiring UI hooks, and adding security controls (CSRF, rate limiting, origin validation). That scope matches the described purpose. However the instructions are high-level/vague ("Set up NowPayments for my store") and instruct the agent to create and persist sensitive credentials in a .env file without describing secure storage, rotation, or limiting exposure. The vagueness gives the agent broad discretion which could lead to insecure implementations or accidental leakage if the agent is allowed to transmit code or secrets externally.
- Install Mechanism
- okNo install spec and no code files beyond SKILL.md and package.json — this is instruction-only. That reduces installer risk because nothing is downloaded or executed automatically by the platform. No external URLs or archive installs are present.
- Credentials
- concernThe runtime instructions require two sensitive values (NOWPAYMENTS_API_KEY, NOWPAYMENTS_IPN_SECRET) but the skill metadata declares none and provides no primary credential. Requesting persistent storage of these secrets (.env) is proportionate to the feature, but the lack of declared env vars in metadata and absence of guidance for secure handling or scoping of those secrets is a red flag. The skill also lacks source/homepage provenance, making it harder to verify the maintainer before handing over credentials.
- Persistence & Privilege
- okThe skill is not marked always:true and does not request system-wide modifications in the metadata. Autonomous invocation is enabled (default) but that is normal for skills; there is no explicit attempt to modify other skills or agent configs described.