Skill v0.1.0

ClawScan security

Toss Payments CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 20, 2026, 12:07 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (a Toss Payments CLI) mostly matches the env var it requests, but the instructions and packaging info are inconsistent (it tells you to pip-install a package and to run a toss-pay binary while no code files, install spec, or declared binary exist), so you should verify its origin before supplying your secret key.
Guidance
This skill looks like documentation for a Toss Payments CLI rather than a self-contained implementation. Before installing or supplying TOSS_SECRET_KEY:
1) Ask the publisher for the source repository or official package name and verify it (PyPI/GitHub and a homepage).
2) Do not export your real secret key until you confirm the package origin and inspect its code.
3) If you must test, use a test key with minimal privileges.
4) Prefer official SDKs or packages referenced by Toss Payments docs; avoid installing packages or running binaries from unverified/unknown sources.

Review Dimensions

Purpose & Capability
Note: The skill claims to be a CLI for Toss Payments and requests the TOSS_SECRET_KEY credential — that is appropriate for the stated purpose. However, it presents itself as a runnable CLI (toss-pay) while the skill bundle contains no code, no binaries, no homepage, and no install spec; this mismatch reduces confidence that the skill actually provides the advertised capability.
Instruction Scope
Concern: SKILL.md instructs running a toss-pay CLI and shows an install command (pipx install . / pip install .). It also mentions an optional TOSS_BASE_URL environment variable, but TOSS_BASE_URL is not declared in requires.env. The instructions do not ask for unrelated files or secrets, but they assume a local package/binary that is not present in the skill bundle — an agent following these instructions could try to run commands that don't exist or rely on an external package of unknown origin.
Install Mechanism
Concern: There is no install specification in the skill metadata, yet SKILL.md tells users to run pipx install . or pip install ., which implies a Python package source. Because the skill contains no code files or repository link and the 'Source' and 'Homepage' fields are unknown/missing, there is no traceable/verifiable install artifact. This is an incoherence and increases risk: the install instructions refer to artifacts that are absent.
Credentials
Note: Only TOSS_SECRET_KEY is required/declared (primary credential), which is proportional for a payments API client. However, SKILL.md references an additional env var (TOSS_BASE_URL) that is not declared in requires.env. Requesting the secret key is reasonable for the purpose, but the skill has no provenance information and would have access to a sensitive credential if used — you should only provide it to a known, trusted implementation.
Persistence & Privilege
OK: The skill does not request persistent/always-on privileges (always: false) and does not declare modifications to other skills or system-wide settings. Autonomous invocation is enabled by default but is not combined here with other high privileges.