v1.0.2

CashClaw | Give your agent a wallet or credit card

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:53 AM.

Analysis

This appears to be a Cash App Pay integration guide, but it gives an agent broad payment and account-management authority that should be reviewed carefully before use.

Guidance: Use this only if you intentionally want an agent to help with Cash App Pay integration. Start with sandbox credentials, use least-privilege keys, require human approval before any real payment, refund, dispute, webhook, or credential change, and keep grant IDs or payment tokens out of agent memory, prompts, and logs.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
POST | `/network/v1/payments` | Create a payment | ... POST | `/network/v1/payments/{id}/capture` | Capture a payment | ... POST | `/network/v1/refunds` | Create a refund |

These documented server-side write operations can move or reverse money. The provided instructions do not pair them with explicit human approval, amount limits, merchant scoping, or sandbox-only use.

User impact: If a production API key is available to the agent, an incorrect or over-broad request could create, capture, void, or refund real transactions.
Recommendation: Default to sandbox, require explicit human approval for every production write, and validate amount, merchant, customer, and idempotency details before any payment, capture, void, refund, or dispute action.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown ... No install spec — this is an instruction-only skill. ... No code files present — this is an instruction-only skill.

There is no executable code to install, but the registry metadata does not establish publisher provenance for a skill that asks for payment API credentials.

User impact: A user could rely on payment-integration instructions from an unverified publisher.
Recommendation: Compare workflows against official Cash App developer documentation and only provide credentials to trusted, verified skill sources.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Management API  — Credentials, webhooks, keys ... Automates integration management: - Secure credential rotation - Webhook subscription management - Creating scoped API keys

The skill includes privileged account-management functions, including credential rotation, webhook management, and API key creation, which go beyond processing a single payment and can change persistent account configuration.

User impact: An agent with sufficient credentials could alter key material or webhook routing, potentially disrupting payment processing or expanding future access.
Recommendation: Use least-privilege and sandbox credentials where possible, disable management scopes unless needed, and require separate human approval and audit logging for key, credential, and webhook changes.
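The two High findings above (unbounded money-movement writes, and management-API writes that change persistent account configuration) call for the same control: a policy gate that sits between the agent and the HTTP client, validates every write, and refuses production writes that a human has not approved for that exact request and that specific scope. The block below is an added example written for this review; it is not code from the CashClaw skill or from Cash App. The three money-movement paths are the ones quoted from SKILL.md; the host names, the management-path prefix, the body field names (`amount`, `merchant_id`, `idempotency_key`) and the approval-token shape are assumptions made for illustration.

```python
"""Policy gate in front of an agent's Cash App Pay API calls.

Added example, not code from the CashClaw skill or from Cash App. The
three money-movement paths are the ones quoted in the findings; the host
names, the management-path prefix, the request body field names and the
approval-token shape are assumptions made for illustration.
"""
import hashlib
import json
import re
from dataclasses import dataclass
from typing import Optional

SANDBOX_HOST = "sandbox.api.cash.app"   # assumed; take the real host from Cash App docs
PRODUCTION_HOST = "api.cash.app"         # assumed

# Write paths quoted from SKILL.md in the finding.
_MONEY_PATHS = (
    re.compile(r"^/network/v1/payments$"),
    re.compile(r"^/network/v1/payments/[^/]+/(capture|void)$"),
    re.compile(r"^/network/v1/refunds$"),
)
_MANAGEMENT_PREFIX = "/management/v1/"   # assumed prefix for keys/webhooks/credentials


@dataclass(frozen=True)
class Limits:
    max_cents: int                # per-request ceiling in minor units
    allowed_merchants: frozenset  # merchant IDs the agent may act for


@dataclass(frozen=True)
class Approval:
    """Human sign-off bound to one exact request and one scope."""
    request_digest: str
    scope: str  # "money" or "management"; one never stands in for the other


@dataclass(frozen=True)
class Decision:
    allowed: bool
    scope: str
    reason: str


def request_digest(method: str, host: str, path: str, body: dict) -> str:
    """Canonical hash of the request the human actually looked at."""
    canonical = json.dumps([method.upper(), host, path, body],
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def classify(method: str, path: str) -> str:
    """Bucket a request by the authority it exercises."""
    if method.upper() in ("GET", "HEAD"):
        return "read"
    if path.startswith(_MANAGEMENT_PREFIX):
        return "management"
    if any(p.match(path) for p in _MONEY_PATHS):
        return "money"
    return "unknown"


def gate(method: str, host: str, path: str, body: dict, limits: Limits,
         approval: Optional[Approval] = None,
         audit: Optional[list] = None) -> Decision:
    """Decide whether the agent's outbound request may be sent."""
    scope = classify(method, path)
    if scope == "unknown":
        return Decision(False, scope, "write to an unrecognised path is denied")
    if scope == "read":
        return Decision(True, scope, "read-only request")
    if scope == "money":
        amount = body.get("amount")  # assumed: integer minor units
        if (isinstance(amount, bool) or not isinstance(amount, int)
                or not 0 < amount <= limits.max_cents):
            return Decision(False, scope, f"amount must be 1..{limits.max_cents} cents")
        if body.get("merchant_id") not in limits.allowed_merchants:
            return Decision(False, scope, "merchant_id is not on the allow-list")
        if not body.get("idempotency_key"):
            return Decision(False, scope, "idempotency_key is required on money writes")
    if host == SANDBOX_HOST:
        return Decision(True, scope, "sandbox write")
    if host != PRODUCTION_HOST:
        return Decision(False, scope, "unknown host")
    # Production write: a human must have approved this exact request for this scope.
    if approval is None or approval.scope != scope:
        return Decision(False, scope, f"production {scope} write needs a '{scope}' approval")
    if approval.request_digest != request_digest(method, host, path, body):
        return Decision(False, scope, "approval was issued for a different request")
    if audit is not None:
        audit.append({"scope": scope, "method": method.upper(), "path": path,
                      "digest": approval.request_digest})
    return Decision(True, scope, "human-approved production write")
```

Binding the approval to a digest of the canonical request means the agent cannot obtain approval for a 12.00 payment and then send a 1200.00 one, and keeping `scope` on the approval means a sign-off for a payment can never be replayed against the key or webhook endpoints.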
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
`ON_FILE_PAYMENT` | Store payment method for future charges | ... When state = `approved`, save the `grant_id` from the `grants` array

The skill instructs storing reusable payment authorization material for future charges, but the provided artifact does not define storage location, retention limits, encryption, or restrictions on reuse by the agent.

User impact: Stored grant IDs or on-file payment authority could be exposed in logs, prompts, or agent memory, or reused later without the customer or operator realizing it.
Recommendation: Store payment grants only in a secure backend vault, never in agent memory or logs, and require explicit approval for any future charge using an on-file payment method.
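One way to follow that recommendation is to intercept the approved request before it reaches the agent: move each grant ID into a server-side vault, hand the agent only an opaque handle, and scrub grant and token fields from anything that goes into prompts or logs. The block below is an added example for this review, not code from the CashClaw skill or from Cash App. The `state`/`grants` shape follows the SKILL.md excerpt; the in-memory dict standing in for a vault, the `grant_ref` handle, the `grants[].id` field name and the list of sensitive keys are assumptions.

```python
"""Keep on-file payment grants out of the agent's context.

Added example, not code from the CashClaw skill or from Cash App. The
`state` and `grants` fields follow the skill excerpt; the vault stand-in,
the handle format, the `id` field inside each grant and the sensitive-key
list are assumptions made for illustration.
"""
import copy
import secrets

# Stand-in for a real secrets backend (KMS-wrapped row, HashiCorp Vault, ...).
_VAULT: dict = {}

# Keys whose values must never reach prompts, agent memory or logs (assumed names).
SENSITIVE_KEYS = {"grant_id", "payment_token", "token", "client_secret", "api_key"}


def redact(obj, parent=None):
    """Deep-copy `obj`, masking sensitive values; safe for logging or prompting."""
    if isinstance(obj, dict):
        out = {}
        for key, value in obj.items():
            if key in SENSITIVE_KEYS or (parent == "grants" and key == "id"):
                out[key] = "[REDACTED]"
            else:
                out[key] = redact(value, key)
        return out
    if isinstance(obj, list):
        return [redact(item, parent) for item in obj]
    return obj


def intake_approved_request(resp: dict) -> dict:
    """Convert a customer-request response into a copy the agent may see.

    When state is `approved`, each grant's id is moved into the vault and
    replaced with an opaque handle; everything else is redacted.
    """
    safe = copy.deepcopy(resp)
    if safe.get("state") == "approved":
        for grant in safe.get("grants", []):
            raw = grant.pop("id", None) or grant.pop("grant_id", None)
            if raw is None:
                continue
            handle = "gref_" + secrets.token_urlsafe(12)
            _VAULT[handle] = raw
            grant["grant_ref"] = handle
    return redact(safe)


def resolve_grant(handle: str, human_approved: bool) -> str:
    """Server-side payment layer only: exchange a handle for the real grant.

    The agent never calls this; it can only ask a human to approve a charge.
    """
    if not human_approved:
        raise PermissionError("a charge against an on-file grant needs explicit human approval")
    try:
        return _VAULT[handle]
    except KeyError:
        raise KeyError("unknown grant handle") from None
```

The handle is meaningless outside the vault process, so a leaked prompt transcript or log line exposes nothing reusable, and the `human_approved` flag on `resolve_grant` is where the per-charge approval check belongs.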
Insecure Inter-Agent Communication
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Poll the request (1x/sec recommended) or use webhooks (`customer_request.state.updated`)

Webhook handling is expected for payment integrations, but inbound payment-status events create a trust boundary that needs origin verification and replay protection.

User impact: If webhook verification is implemented poorly, spoofed or replayed events could affect payment state handling.
Recommendation: Verify webhook signatures (or whatever equivalent origin check Cash App provides), accept events only over HTTPS, reject stale timestamps and already-seen event IDs, make handlers idempotent, and treat the state carried in the payload as a hint to be confirmed by reading the request from the API server-side before acting on it.
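The receiver below puts those checks in the order they should run: signature first (over timestamp and raw body, with a constant-time compare), then timestamp tolerance, then an event-ID replay cache, and only then a server-side read of the customer request whose result, not the payload's `state`, drives the state machine. It is an added example for this review, not code from the CashClaw skill or from Cash App; the HMAC-SHA256 header scheme, the header names, the event body layout and the `fetch_request` callback are assumptions standing in for whatever Cash App actually provides, and the sender-side helpers exist only so both halves of the exchange can be exercised offline.

```python
"""Webhook receiver with origin, replay and idempotency checks.

Added example, not code from the CashClaw skill or from Cash App. The
event type `customer_request.state.updated` is quoted from the skill; the
HMAC-SHA256 scheme, header names and event layout are assumptions.
"""
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # how old a signed timestamp may be


def _signature(secret: bytes, timestamp: str, raw_body: bytes) -> str:
    # Bind the timestamp into the MAC so it cannot be swapped independently.
    return hmac.new(secret, timestamp.encode() + b"." + raw_body, hashlib.sha256).hexdigest()


def sign_event(secret: bytes, timestamp: int, raw_body: bytes) -> dict:
    """Sender side of the assumed scheme: headers a provider would attach."""
    return {"X-Timestamp": str(timestamp), "X-Signature": _signature(secret, str(timestamp), raw_body)}


def encode_event(event_id: str, request_id: str, state: str) -> bytes:
    """Constructed sample event body (layout assumed for the example)."""
    return json.dumps({"id": event_id, "type": "customer_request.state.updated",
                       "data": {"request_id": request_id, "state": state}},
                      sort_keys=True).encode()


class WebhookReceiver:
    def __init__(self, secret: bytes, fetch_request, now=time.time):
        self.secret = secret
        self.fetch_request = fetch_request  # server-side API read by request id
        self.now = now
        self.seen_ids = set()  # replay cache; use a shared store with TTL in production
        self.applied = {}      # request_id -> last state applied (idempotency)

    def handle(self, headers: dict, raw_body: bytes) -> str:
        ts, sig = headers.get("X-Timestamp"), headers.get("X-Signature")
        if not ts or not sig:
            return "rejected: missing signature headers"
        if not hmac.compare_digest(_signature(self.secret, ts, raw_body), sig):
            return "rejected: bad signature"
        try:
            age = abs(self.now() - int(ts))
        except ValueError:
            return "rejected: bad timestamp"
        if age > TOLERANCE_SECONDS:
            return "rejected: stale timestamp"
        event = json.loads(raw_body)
        event_id = event.get("id")
        if not event_id:
            return "rejected: missing event id"
        if event_id in self.seen_ids:
            return "ignored: replayed event"
        self.seen_ids.add(event_id)
        if event.get("type") != "customer_request.state.updated":
            return "ignored: unhandled event type"
        request_id = event["data"]["request_id"]
        # The payload's state is untrusted; ask the API what the request really is.
        state = self.fetch_request(request_id).get("state")
        if self.applied.get(request_id) == state:
            return "ignored: already applied"
        self.applied[request_id] = state
        return f"applied: {request_id} -> {state}"
```

Because the handler reads the authoritative state from the API, a forged or stale event can at worst trigger a redundant lookup; it cannot move a request to a state the provider does not agree with.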