Skill v1.2.1
ClawScan security
Shop from Instagram - With your creditcard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 8:33 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are largely coherent for a payment/shopping integration, but it instructs the agent to persistently download remote files into the user's home directory and grants direct spending power via a single API key — proceed only if you fully trust creditclaw.com and understand the financial risk.
- Guidance: This skill appears to do what it says (let an agent make purchases using a CreditClaw wallet), but it carries real financial power: the CREDITCLAW_API_KEY lets the service spend funds on behalf of the agent. Before installing or saving files from this skill, verify that you trust https://creditclaw.com (company reputation, TLS certificate, documentation). Prefer not to persist remote files unless you inspect them first; if you must, download them manually and review their contents. Limit the API key's permissions and funds (use a separate low-balance test wallet), enable owner-approval modes, rotate the key if you stop using the skill, and require explicit human confirmation for purchases. If you need higher assurance, ask the publisher for an official install package or audited integration documentation, and request an explanation of why local files must be written to ~/.creditclaw/skills/stripe.
Review Dimensions
- Purpose & Capability: ok. Name/description (Stripe-powered agent wallets) align with the required credential (CREDITCLAW_API_KEY) and the documented API endpoints (creditclaw.com/api/v1). The env var requested is appropriate for a payment provider integration.
- Instruction Scope: concern. SKILL.md contains detailed runtime instructions and curl examples that direct the agent to call creditclaw.com endpoints (expected), but it also shows explicit commands to download and save multiple remote files into ~/.creditclaw/skills/stripe. That persists content from an external host to disk and expands the skill's runtime surface beyond ephemeral API calls.
- Install Mechanism: concern. There is no formal install spec, but SKILL.md includes ad-hoc curl-based install instructions that pull multiple files from https://creditclaw.com and write them into the user's home directory. Download-and-write behavior increases risk because the remote host controls content that would be persisted and used later; the URLs are not from a widely known release host but do match the skill's declared homepage.
- Credentials: ok. Only a single environment variable (CREDITCLAW_API_KEY) is required, and it maps directly to the skill's purpose (authorizing purchases). No unrelated credentials, paths, or broad system tokens are requested.
- Persistence & Privilege: note. always:false (no forced inclusion). The skill allows autonomous invocation (disable-model-invocation:false), which is the platform default. Combined with the fact that the API key authorizes spending, autonomous use increases potential impact — this is expected for a payments skill but worth caution.
