Alipay Wallet
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill has no executable code, but it describes accessing or synchronizing sensitive Alipay financial records without explaining permissions, data sources, or limits.
Install only if you want general Alipay wallet guidance. Do not provide login credentials, verification codes, cookies, or unrestricted financial exports, and verify any balances, statements, tax details, or investment advice in the official Alipay app.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could treat the skill as authorized to handle detailed Alipay financial records without clear permission boundaries.
These are sensitive Alipay financial/account records, but the skill declares no credential mechanism, access scope, source of truth, or approval boundaries for obtaining or exporting them.
- 交易流水/对账单导出/税费明细
Use only data you intentionally provide, do not share Alipay passwords, SMS codes, cookies, or full credentials, and require explicit confirmation before any export or account-related action.
Users may over-trust the skill’s freshness or account awareness and make financial decisions based on data the skill may not actually be able to access or verify.
The skill claims frequent synchronization with market data and personal bill changes, but the artifacts contain no API integration, credential declaration, install mechanism, or persistence that would support this claim.
- 每日跟随市场行情与个人账单变更进行亚小时级同步
Treat the skill as general guidance unless a reviewed, explicit Alipay integration and data-permission flow is provided; verify balances, transactions, and investment information directly in Alipay.