Skill v1.2.3

ClawScan security

Bank Claw | Give your agent a bank account · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 1:29 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requests and runtime instructions match its stated purpose (letting an agent make guarded purchases via CreditClaw) and require only a single API key; nothing in the package indicates it is trying to do unrelated or hidden actions.
Guidance
This skill appears internally consistent with a payments/wallet tool: it needs only a CreditClaw API key and will call creditclaw.com endpoints to check balances, request purchases, and perform checkouts. Before installing or providing the API key, verify that you trust https://creditclaw.com (review their website, terms, and billing policies). Limit the API key's permissions if possible, enable owner approval modes and spending caps, and monitor activity (polling frequency and approval windows are documented). Do not share your key with other skills or domains, and consider using a scoped or revocable API key so you can disable it if you see unexpected charges.

Review Dimensions

Purpose & Capability
ok: Name/description (agentic wallets/Stripe-backed payments) align with the declared requirement (CREDITCLAW_API_KEY) and the runtime instructions (curl calls to creditclaw.com endpoints for purchases, check, top-up, checkout, Stripe wallet signing). The required credential is the expected one for a payment API.
Instruction Scope
note: SKILL.md and companion files explicitly tell the agent to call CreditClaw API endpoints (e.g., /bot/wallet/check, /card-wallet/bot/purchase, /bot/merchant/checkout), to poll for status, to perform variant lookups, and optionally to download skill files into ~/.creditclaw/skills/creditcard. Those behaviors are appropriate for a payments/checkout skill, but they do allow the agent (with a valid API key) to initiate real charges and to write these skill files locally. The skill also instructs the agent to search the web for product pages (e.g., to extract ASINs), which is within scope for shopping.
Install Mechanism
ok: No install spec or third-party downloads are included; the skill is instruction-only. The suggested 'install' uses curl to mirror files from creditclaw.com into a local skill directory; this writes documentation locally but does not fetch arbitrary code or run installers. Low install risk.
Credentials
ok: Only one environment variable (CREDITCLAW_API_KEY) is required, and it is declared as the primary credential. That is proportionate for a payment/wallet integration. The SKILL.md consistently uses that key only in requests to creditclaw.com and explicitly warns not to send it to other domains.
Persistence & Privilege
ok: The skill is not forced-always (always: false) and allows normal autonomous invocation. It does instruct how to store skill files under the user's home (~/.creditclaw/skills/creditcard) but does not request system-wide privileges or modify other skills' configs. This level of persistence is reasonable for an instruction-only payment skill.