ClawHub

Adyen Payments | Complement Adyen with Agentic Card Payments

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real payment-management skill, but its Adyen/CreditClaw identity mismatch and broad money-moving capabilities require user review before installation.

Install only if you intend to authorize CreditClaw financial and commerce workflows, not merely an Adyen integration. Use strict per-purchase approval, low spending limits, scoped and rotated credentials, verified webhooks, minimal logging, and careful handling of card data, buyer PII, invoice emails, shipping addresses, and public shop publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest identifies the skill as 'creditclaw' while the provided skill context says it is the 'adyen' skill, which is a supply-chain and trust-boundary problem. Identity mismatch can mislead reviewers and users about what service they are authorizing, especially dangerous here because the skill requests API credentials and enables financial operations.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest describes the skill as spending/financial management, but the file also exposes merchant functionality such as selling products, invoices, checkout pages, and public shops. This scope mismatch can mislead users and policy engines into enabling a skill with broader money-moving capabilities than expected, increasing the chance of unauthorized or unexpected financial operations.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documented seller-commerce endpoints materially expand the skill from agent purchasing into operating as a merchant, including payment links, invoices, checkout pages, and public shops. In an agent ecosystem, hidden or under-disclosed financial capabilities are dangerous because they can bypass user expectations, consent boundaries, or allow monetization flows not anticipated by the installer.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents collection and transmission of buyer personal data such as name and email, but does not clearly warn that this information is sent to an external payment service and stored/processed there. In an agent context, missing privacy disclosures can cause unauthorized sharing of third-party PII and create compliance and user-consent risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The invoice send action triggers an outbound email and PDF delivery to a recipient, but the skill does not prominently warn that executing this endpoint performs an external side effect using user-provided personal data. In agent workflows, hidden outbound communications can lead to accidental disclosure, spam-like behavior, or sending invoices to unintended recipients.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document provides a ready-to-run purchase example that sends a real shipping address and bearer-authenticated request to an external API that places real merchant orders, but it does not prominently warn about privacy exposure, real financial consequences, or the need to avoid using real personal data in examples. In a skill specifically designed to give agents spending power, omission of those warnings materially increases the chance of unintended purchases or disclosure of sensitive recipient information.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The manifest requests a sensitive API key and points to an outbound financial API, but provides no inline warning, consent language, or safe-handling guidance for credential use. In a payments/spending skill, this increases the chance that users grant powerful credentials without understanding that the agent may initiate or manage financial actions against an external service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal