Back to skill
Skillv2.3.4
VirusTotal security
MasterCard AgentPay | Compatible compatible cards, wallets & payments · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:02 AM
- Hash
- e16762d7410d7ab527ba5b48fe72ccfe9b147cabfcbd08c4447a2e59ae8cbb0b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mastercard-agentpay Version: 2.3.4 The skill bundle describes a financial enablement platform ('CreditClaw') that allows AI agents to manage spending and receive payments. While the functionality is aligned with its stated purpose, the 'My Card (Rail 5)' flow in 'encrypted-card.md' introduces a high-risk architectural pattern: it requires the agent to retrieve a one-time decryption key and perform AES-256-GCM decryption to handle raw credit card details (number, CVV, etc.) in memory. This design relies entirely on the agent's adherence to markdown instructions to not log or persist the sensitive data, creating a significant vulnerability for accidental data exposure or theft if the agent's logic is subverted via prompt injection.
- External report
- View on VirusTotal