Back to skill

Security audit

MasterCard AgentPay | Compatible compatible cards, wallets & payments

Security checks across malware telemetry and agentic risk

Overview

This is a high-impact payment skill that can spend money and handle customer or shipping data, but the reviewed artifacts disclose the CreditClaw API flows, credentials, approvals, and guardrails.

Install only if you trust CreditClaw as a payment provider. Start with ask-for-everything approval mode, set low per-transaction/daily/monthly limits, require explicit confirmation before purchases, invoices, emails, or public shop publishing, and never expose CREDITCLAW_API_KEY outside creditclaw.com.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest metadata does not mention that the skill provisions new bot accounts and requires external callback/webhook infrastructure, despite the body instructing the agent to register and expose a callback URL. This mismatch can cause unexpected external state creation and inbound event handling without the operator realizing the skill has deployment and trust-boundary implications.

Description-Behavior Mismatch

Low
Confidence
88% confidence
Finding
The manifest metadata does not mention that the skill provisions new bot accounts and requires external callback/webhook infrastructure, despite the body instructing the agent to register and expose a callback URL. This mismatch can cause unexpected external state creation and inbound event handling without the operator realizing the skill has deployment and trust-boundary implications.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly supports collecting buyer names and exposing buyer email addresses in sales data, but it provides no privacy warning, consent guidance, retention guidance, or data-minimization recommendations. In a payments context, this can cause agents to process PII without understanding disclosure obligations or safely handling customer data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The invoice workflow sends recipient name, email, billing details, and a PDF attachment to an external party via email, yet the skill offers no warning that this is an external transmission of customer data. This increases the risk of accidental disclosure, misuse of recipient data, or noncompliant automated emailing by downstream agents.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This guide documents a flow that transmits sensitive personal data, including shipping address details, and can trigger a real-world purchase, but it does not prominently warn the operator about those consequences or require explicit confirmation safeguards. In an agent skill focused on payments, that omission increases the chance of unintended purchases or privacy-impacting data submission by downstream agents or users who treat the example as routine API usage.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The invocation description is broad and payment-generic, which increases the chance that an orchestrator will select this skill for vague requests involving purchases, wallets, invoices, or money movement. Because the skill can register accounts, handle payment credentials, and create selling/payment links, over-broad matching materially raises the risk of unintended financial actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.