DoorDash Claw | Are you hungry?
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: eat
Version: 1.0.7

The CreditClaw skill bundle provides a legitimate framework for AI agents to perform financial transactions (Amazon, Shopify, SaaS) under human-defined guardrails. It includes detailed documentation for various payment 'rails', registration flows, and security protocols, specifically instructing the agent to protect its API key and respect owner-configured spending limits. No indicators of malicious intent, data exfiltration, or unauthorized execution were found; the instructions emphasize human-in-the-loop approvals and server-side enforcement of safety rules.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may think they are installing a narrow food-ordering helper while actually enabling a broader payment wallet that can be used for many types of purchases.
The user-facing name and slug imply a DoorDash/food skill, while the description and included files describe a general wallet/payment capability for many purchases and agent-to-agent payments. For a financial skill, this mismatch can cause users to underestimate the authority being granted.
Name: DoorDash Claw | Are you hungry? ... Slug: eat ... Description: Easy-to-use agentic wallets powered by Stripe... for any purchases or A2A payments.
Rename and describe the skill consistently as a CreditClaw payment wallet, and clearly state that it is not limited to DoorDash or food purchases before users provide an API key.

Anyone or any agent with the key may be able to act as the wallet identity and spend within the owner’s configured limits.
The required CREDITCLAW_API_KEY is expected for this payment service, but it carries spending authority and should be treated as a high-impact credential.
All requests require: `Authorization: Bearer <your-api-key>` ... Your API key is your identity. Leaking it means someone else can spend your owner's money.
Only install if you intend to give this agent a CreditClaw wallet key; keep the key scoped to creditclaw.com, rotate it if exposed, and set conservative spending limits.

A mistaken or overly broad agent instruction could lead to real spending if it falls within the configured allowance.
The documented API can initiate real purchases or card charges across broad merchant types. This is purpose-aligned and guarded by owner limits, but within allowance it may not require a separate owner approval step.
Use this rail for: Any online store — SaaS subscriptions, cloud hosting, domain registrations, digital services ... If the amount is within your auto-approved allowance, it processes immediately.
Keep `ask_for_everything` or low auto-approval thresholds until trusted, and require explicit user confirmation of merchant, item, and price before any purchase request.

Remote or cached policy text could influence future purchase behavior if it is overly broad or stale.
The skill tells the agent to cache remote spending-policy data and treat a returned notes field as instructions. That is useful for guardrails but should be scoped to payment policy rather than general agent behavior.
Cache this response for up to 30 minutes. Check it before any purchase. ... `notes` — read and follow these; they are direct instructions from your owner
Treat owner notes as spending constraints only, refresh them before purchases, and do not let them override higher-priority user or system instructions.

The agent may periodically call CreditClaw APIs and prompt for top-ups if you allow this routine.
The artifact suggests recurring autonomous wallet checks. No installed background worker is present, so this is disclosed guidance rather than hidden persistence.
CreditClaw Heartbeat (suggested: every 30 minutes) Run this routine periodically to stay aware of your wallet status, spending permissions, and balance
Run heartbeat checks only on a schedule you approve, and disable or ignore the routine if you do not want recurring wallet activity.

If the remote files change or the domain is compromised, the local instructions could differ from what was reviewed.
The optional setup downloads remote skill files without a pinned hash or signature. The files are documentation, not code, and the step is user-directed, so this is a supply-chain notice rather than a direct malicious signal.
curl -s https://creditclaw.com/creditcard/skill.md > ~/.creditclaw/skills/creditcard/SKILL.md ... curl -s https://creditclaw.com/creditcard/skill.json > ~/.creditclaw/skills/creditcard/package.json
Review downloaded files before use and prefer pinned, checksummed, or registry-managed versions for a payment-related skill.
