Skill v1.0.0

ClawScan security

InstaClaw | Buy my groceries · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 1:35 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's declared purpose (agent shopping and Stripe-powered wallets) matches the single credential it requests and its runtime instructions, and nothing obvious requests unrelated secrets or system access. However, the skill is instruction-only and asks the agent to fetch and save remote files, so exercise caution before trusting the remote host or providing the API key.
Guidance
This skill appears internally consistent with its stated purpose, but before installing or providing your CREDITCLAW_API_KEY:
1) Verify the vendor (creditclaw.com) independently: check the site, TLS cert, documentation, and any company info.
2) Only enter the API key into official CreditClaw configuration screens; treat it as a secret.
3) Review and/or fetch the SKILL.md and related files yourself before allowing an agent to run the provided curl commands, since those commands will write remote content into ~/.creditclaw.
4) Ensure your owner account enforces conservative spending limits or manual approval (approval_mode: ask_for_everything) before enabling autonomous purchases.
5) If you have doubts about the domain or provenance, do not provide the API key and prefer manual purchase workflows.

Review Dimensions

Purpose & Capability: ok
Name/description, declared API base (creditclaw.com/api/v1), and the single required env var CREDITCLAW_API_KEY are coherent: an online payment/wallet service reasonably needs an API key. Payment flows and endpoints referenced in SKILL.md match the stated shopping/payment purpose.
Instruction Scope: note
SKILL.md instructs agents how to call CreditClaw endpoints and includes example curl commands to download additional skill docs into ~/.creditclaw/skills/creditcard. Those instructions are within the skill's purpose (fetching its own docs/assets), but they do direct the agent to fetch and write remote content to the user's home directory, which is a material action an agent could perform if invoked autonomously.
Install Mechanism: note
No formal install spec (instruction-only), which is lower-risk. However, the README gives explicit curl commands to download files from creditclaw.com and save them locally; that is effectively an on-demand installation step and means remote content will be written to disk if followed. The URLs are on the stated domain (creditclaw.com), not shorteners or IPs.
Credentials: ok
Only CREDITCLAW_API_KEY is required and is declared as the primary credential. No other unrelated secrets or config paths are requested. SKILL.md explicitly warns never to send the API key to other domains, which aligns with proportional use of a single service key.
Persistence & Privilege: ok
always:false and user-invocable:true (defaults): the skill does not request permanent/always-on inclusion. disable-model-invocation is false (agent can call it autonomously), which is the platform default; this increases the importance of ensuring the API key and spending limits are set correctly but is not itself an incoherence.