Skill v1.0.0

ClawScan security

Authorize.net Agentic Payments - Add agentic cards and wallets to your stack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 5:47 PM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code-free instructions and single required credential (CREDITCLAW_API_KEY) are coherent with a payments/agentic-spending service, but there are naming inconsistencies and important operational risks (handling decrypted card data) you should consider before enabling it.
Guidance
This skill appears to do what it says: manage agent spending via CreditClaw using a single API key. Before installing: (1) Confirm the naming mismatch (Authorize.net vs CreditClaw) with the publisher so you know which service you're trusting. (2) Only provide the CREDITCLAW_API_KEY if you trust creditclaw.com; the key grants the ability to spend on behalf of the agent. (3) Be aware the agent will be instructed to decrypt and use raw card data in-memory — ensure the agent runtime you run this in is secure, does not log or persist secrets, and is acceptable under any PCI or organizational policies. (4) Keep approval_mode conservative (ask-for-everything) until you are comfortable, and rotate the API key if it may have been exposed. If you need higher assurance, request publisher verification or more detail about their compliance (PCI, data retention, logging) before enabling the skill.

Review Dimensions

Purpose & Capability
note: The skill's purpose (agentic payments / wallets) aligns with the API endpoints and the single required environment variable (CREDITCLAW_API_KEY). However, the package naming is inconsistent: the top-level name/description references 'Authorize.net' while the SKILL.md, files, and API base clearly point to CreditClaw (creditclaw.com). This naming mismatch could be accidental but is confusing and worth confirming with the publisher.
Instruction Scope
note: Runtime instructions are limited to interacting with creditclaw.com APIs (status, checkout, key retrieval, signing, webhooks). That matches the stated purpose. The SKILL.md explicitly instructs the agent to fetch a one-time AES-256-GCM decryption key and perform local decryption of owner-supplied encrypted card details, then use those decrypted card details to complete merchant checkouts. This is logically necessary for the described 'My Card' flow, but it means PCI-sensitive data is handled inside the agent runtime: the file warns not to persist or log secrets, but the agent environment must actually enforce that for the flow to be safe.
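The decrypt-in-memory step described above, as an added example that is not part of the skill, of CreditClaw's code, or of ClawHub's report. It shows what "do not log or persist" has to mean in practice: the one-time key unlocks the blob only if the GCM tag verifies (a wrong key, a truncated blob or a single tampered byte yields an error and no plaintext), the plaintext buffer is wiped as soon as the struct is populated, and the card type redacts itself so an accidental log line carries only the last four digits. The JSON field names, the nonce || ciphertext || tag blob layout, the function names, and the sample card (a well-known test PAN) are all assumptions constructed for the example; the page does not document the real wire format or how the key is fetched.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// CardData is the decrypted 'My Card' payload; field names are assumed, the page gives no schema.
type CardData struct {
	PAN    string `json:"pan"`
	Expiry string `json:"expiry"`
	CVV    string `json:"cvv"`
}

// String is what fmt prints for a CardData, so a stray log line shows only the masked PAN, never the CVV.
func (c CardData) String() string {
	return fmt.Sprintf("CardData{pan=%s, expiry=%s, cvv=***}", MaskPAN(c.PAN), c.Expiry)
}

// MaskPAN keeps only the last four digits of a card number.
func MaskPAN(pan string) string {
	if len(pan) <= 4 {
		return strings.Repeat("*", len(pan))
	}
	return strings.Repeat("*", len(pan)-4) + pan[len(pan)-4:]
}

// Zero overwrites a buffer in place once its contents are no longer needed.
func Zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256-GCM")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptCard is the owner side: seal the card JSON under the one-time key.
// Assumed blob layout: 12-byte nonce || ciphertext || 16-byte GCM tag.
func EncryptCard(key []byte, card CardData) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	pt, err := json.Marshal(card)
	if err != nil {
		return nil, err
	}
	defer Zero(pt)
	return gcm.Seal(nonce, nonce, pt, nil), nil
}

// DecryptCard is the agent side. A wrong key, a truncated blob or one flipped byte fails the
// GCM tag check before any plaintext exists; the JSON buffer is wiped once the struct is filled.
func DecryptCard(key, blob []byte) (*CardData, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	pt, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
	if err != nil {
		return nil, errors.New("authentication failed: wrong key or tampered ciphertext")
	}
	defer Zero(pt)
	var card CardData
	if err := json.Unmarshal(pt, &card); err != nil {
		return nil, err
	}
	return &card, nil
}

func main() {
	key := make([]byte, 32) // stands in for the one-time key fetched from the API
	rand.Read(key)
	// Constructed sample card using a well-known test PAN, not real data.
	blob, _ := EncryptCard(key, CardData{PAN: "4111111111111111", Expiry: "12/29", CVV: "123"})
	card, err := DecryptCard(key, blob)
	fmt.Println("decrypted:", card, err) // only the redacted form reaches stdout
	blob[len(blob)-1] ^= 0x01           // flip one tag byte
	_, err = DecryptCard(key, blob)
	fmt.Println("tampered blob:", err)
	Zero(key) // discard the one-time key after use
}
```

Two details matter for the checks the report asks for. The Stringer method on CardData is the cheapest way to make "does not log secrets" hold even when a framework dumps structs with %v; it does not help if code extracts card.PAN into a string and logs that, which is why the raw fields should be touched only by the checkout call itself. Zeroing the plaintext slice removes it from the heap the agent process owns, but Go strings copied out of it (the struct fields) remain until garbage collected, so the struct should live as briefly as possible and never be written to disk or to a persistent agent memory.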
Install Mechanism
ok: Instruction-only skill with no install steps or downloads. Nothing is written to disk by the skill package itself, which minimizes installation risk.
Credentials
ok: Only one required credential (CREDITCLAW_API_KEY / primaryEnv) is requested, which is proportional to a hosted payments API. No unrelated secrets, config paths, or extra credentials are requested.
Persistence & Privilege
ok: always:false is set and no system-wide modifications are requested. The skill will be usable autonomously by default (normal for skills) but does not request forced/global inclusion or the ability to modify other skills.