Skill v1.0.12

ClawScan security

DoorDash Claw | Order your next meal with OpenClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 1:19 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The package claims DoorDash ordering but all runtime instructions and files are for a CreditClaw payment/wallet service and request a single payment API key — the name/slug mismatch and instructions to fetch/write remote files warrant caution.
Guidance
This package is suspicious mainly because the name/slug ('DoorDash') does not match the actual content (CreditClaw payment wallet). Before installing or supplying an API key:
1) Verify the publisher and that https://creditclaw.com is the intended provider; confirm the TLS certificate and the publisher's contact channels.
2) If you only wanted a DoorDash ordering skill, do not hand over your CREDITCLAW_API_KEY; this key grants spending ability on CreditClaw.
3) Prefer least privilege: create a limited test CreditClaw API key and fund only a very small balance while testing.
4) Be cautious about running the curl commands that download and write files to ~/.creditclaw; run them only after you trust the domain, and inspect what was downloaded before the agent acts on it.
5) Monitor transaction logs and API usage in your CreditClaw dashboard and revoke the key immediately if you see unexpected activity.
6) If the mismatch was unexpected, ask the registry owner/publisher for clarification; packaging errors or mislabeling can indicate sloppy or malicious publishing.

Review Dimensions

Purpose & Capability
concern · The registry entry (name/slug) suggests 'DoorDash' ordering, but every provided file, the SKILL.md content, and the API endpoints refer to CreditClaw (creditclaw.com), a payments/wallet service. Requesting CREDITCLAW_API_KEY is consistent with CreditClaw but not with a DoorDash-only ordering skill. This packaging/name mismatch is incoherent and could be an accidental mislabel or intentional misdirection.
Instruction Scope
note · The SKILL.md instructs the agent to call CreditClaw APIs (curl to https://creditclaw.com/api/v1/*) and to download multiple skill files from creditclaw.com into ~/.creditclaw/skills/creditcard. Those instructions are scoped to a wallet/payments integration (checking balances, posting purchase requests, polling approvals). They do not request unrelated local credentials or system files, but they do direct the agent to persist external files to the user's home directory and to perform web searches and extract ASINs as part of shopping flows; these actions expand the agent's surface but are consistent with a shopping/payment assistant. The main concern is the mismatch between the skill's advertised name (DoorDash) and the actual instructions (CreditClaw wallet).
Install Mechanism
ok · There is no automated install spec (instruction-only), so nothing arbitrary is written to disk by the platform. The README suggests using curl to download files from https://creditclaw.com, a direct domain (not a shortener or a bare IP). Downloading remote skill docs is lower-risk than executing arbitrary installers, but it still writes remote content to the user's home directory if followed; verify the host before running those commands.
Credentials
concern · The skill requires a single credential, CREDITCLAW_API_KEY, and declares it as the primary credential, which is appropriate for a payments API. However, given the registry name/slug mismatch (DoorDash vs CreditClaw), a user expecting a DoorDash ordering skill might be surprised to be asked for a payment API key unrelated to DoorDash. Only provide this key if you intend to use CreditClaw; otherwise the request is disproportionate to a pure DoorDash-ordering capability.
Persistence & Privilege
ok · The always flag is false and the skill is user-invocable; autonomous invocation is allowed (the platform default). The skill does suggest saving files under ~/.creditclaw/skills/creditcard, which is limited to the user's home config and is expected for a skill that provides companion docs. There is no request to modify system-wide configs or other skills.
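The Purpose, Instruction Scope and Credentials findings above all come down to three mechanical questions about a skill file: which hosts it talks to, which home-directory paths it writes, and which credential variables it asks for, and whether those agree with the name under which the skill is published. The following Python is an added illustration of that lint, not ClawScan's own scanner code and not the real SKILL.md; the sample text, hostnames, paths and the matching heuristics are constructed assumptions modelled on the description above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the page's description of the package.
# It is NOT the real SKILL.md; hostnames and paths are illustrative.
SAMPLE_SKILL_MD = """
# DoorDash Claw
Order your next meal with OpenClaw.

Requires CREDITCLAW_API_KEY in the environment.

Check balance:
    curl -H "Authorization: Bearer $CREDITCLAW_API_KEY" https://creditclaw.com/api/v1/balance

Install companion docs:
    mkdir -p ~/.creditclaw/skills/creditcard
    curl -o ~/.creditclaw/skills/creditcard/purchase.md https://creditclaw.com/skills/purchase.md
"""

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")          # hostname of each URL
HOME_PATH_RE = re.compile(r"~/[A-Za-z0-9._/-]+")           # paths under the user's home
ENV_CRED_RE = re.compile(                                  # credential-looking env vars
    r"\b([A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*_(?:API_KEY|TOKEN|SECRET))\b"
)


@dataclass
class Review:
    hosts: set = field(default_factory=set)
    home_paths: set = field(default_factory=set)
    credentials: set = field(default_factory=set)
    issues: list = field(default_factory=list)


def _brand(name: str) -> str:
    # Leading alphabetic token of the declared name: "DoorDash Claw" -> "doordash".
    tokens = re.findall(r"[A-Za-z]+", name)
    return tokens[0].lower() if tokens else ""


def _cred_provider(var: str) -> str:
    # Provider prefix of a credential variable: "CREDITCLAW_API_KEY" -> "creditclaw".
    return var.split("_")[0].lower()


def review_skill(name: str, text: str) -> Review:
    """Extract hosts, home writes and credentials, then check them against the name.

    Heuristic only: a brand whose hostname differs from its display name
    (or a credential abbreviated differently from the name) is a false positive.
    """
    r = Review()
    r.hosts = {m.group(1).lower() for m in URL_RE.finditer(text)}
    r.home_paths = set(HOME_PATH_RE.findall(text))
    r.credentials = set(ENV_CRED_RE.findall(text))

    brand = _brand(name)
    if brand and not any(brand in host for host in r.hosts):
        r.issues.append(
            f"name/host mismatch: '{brand}' not in referenced hosts {sorted(r.hosts)}"
        )

    compact_name = name.lower().replace(" ", "")
    for cred in sorted(r.credentials):
        provider = _cred_provider(cred)
        if provider and provider not in compact_name:
            r.issues.append(f"credential for other provider: {cred} (provider '{provider}')")

    if r.home_paths:
        r.issues.append(f"writes under home directory: {sorted(r.home_paths)}")
    return r


if __name__ == "__main__":
    for skill_name in ("DoorDash Claw", "CreditClaw Wallet"):
        result = review_skill(skill_name, SAMPLE_SKILL_MD)
        print(f"{skill_name}: hosts={sorted(result.hosts)} creds={sorted(result.credentials)}")
        for issue in result.issues:
            print("  -", issue)
```

Run against the constructed sample, the DoorDash name trips both the host check and the credential-provider check, while the same file reviewed under a CreditClaw name only carries the informational home-directory note; that is exactly the distinction the verdict above draws between a coherent wallet skill and a mislabelled one.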