CreditClaw Wallet

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it gives an agent broad real-money checkout authority and raw payment-card handling that users should review carefully before installing.

Install only if you intentionally want an agent to spend real money and operate checkout pages. Keep ask-for-everything enabled unless you have tight transaction limits, merchant/domain rules, and monitoring. Require a fresh final review of merchant, item, total, shipping address, and payment method before any order or x402 payment is submitted, and avoid letting the agent handle unrelated merchant accounts or saved-payment sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (21)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
This file provides a universal playbook for completing purchases on arbitrary merchant sites, including checkout discovery, cart navigation, payment-field handling, and submission. In a wallet skill, that materially expands capability from constrained payment execution to general-purpose browser-operated commerce, increasing the risk of unauthorized purchases, policy bypass, and use on unsupported or deceptive sites.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The unknown-site browsing strategy teaches the agent how to inspect and navigate arbitrary websites for shopping patterns, which is broader than a narrowly scoped wallet function. That generalized discovery capability can be repurposed to interact with untrusted merchants, dark patterns, or phishing-style storefronts without meaningful platform constraints.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The guide explicitly instructs an agent to navigate checkout, fill shipping details, enter card data into payment iframes, and submit a live order. That goes beyond generic 'spending power' and materially enables autonomous purchasing with real financial consequences, especially because there is no embedded requirement for explicit user confirmation immediately before charging.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The file teaches merchant-specific fingerprinting and navigation for Shopify stores, which broadens the skill from a generic wallet/payment capability into platform-targeted purchase automation. In context, this increases operational reach across many storefronts and lowers friction for unattended spending or misuse at scale.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This guide explicitly instructs an agent to enter full payment card details into Stripe Elements and then click the final 'Place order' button, enabling autonomous financial transactions on third-party merchant sites. In the context of a broadly described skill ('Give your agent spending power'), this is dangerous because it operationalizes card-funded purchases without strong, explicit constraints, authorization checks, merchant trust requirements, or user-consent gates.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly supports collecting and transmitting buyer personal data such as recipient names, recipient emails, and buyer emails, but it provides no privacy, consent, retention, or handling guidance. In a payments/sales skill, omission of user-data handling expectations increases the risk that agents collect PII without proper disclosure or safeguards, leading to privacy violations or regulatory exposure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide instructs the agent to send merchant names to a third-party vendor-discovery API using an authenticated bearer token, but provides no warning that this discloses user shopping intent and uses a sensitive credential. In a purchasing skill, merchant lookup data can reveal procurement plans or user behavior, and normalizing silent transmission increases the chance of unintended data sharing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This section gives operational checkout and payment-form handling instructions without an explicit warning that these steps can advance a real transaction, affect order state, and ultimately spend funds. In the context of a wallet/procurement skill, omission of a transactional safety warning is especially dangerous because the entire workflow is designed to move an agent from browsing into live checkout.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation provides ready-to-run examples for an API-key-authenticated wallet signing flow that can authorize spending, but it does not include an explicit warning that these calls may move funds or trigger financial activity. In an agent skill context, this omission is dangerous because an autonomous system may treat the examples as routine API usage and invoke them without meaningful user confirmation, increasing the risk of unintended payments and exposure of wallet/account metadata.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide explicitly instructs the agent to select a saved payment method and click the final Amazon order button, but it does not require an explicit user confirmation immediately before purchase. In a wallet/spending skill, this creates a real risk of unauthorized or unintended transactions because saved payment methods remove friction and the final action can complete a charge instantly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs an agent to enter full payment card number and CVV, including handling decrypted card data, without any warning, minimization guidance, or controls around PCI-sensitive data. In the context of a wallet/spending-power skill, this materially increases the risk of unauthorized payment use, unsafe storage/logging of cardholder data, and accidental exfiltration through snapshots, transcripts, or tool telemetry.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document explicitly instructs the agent to enter decrypted card numbers and CVVs into merchant checkout forms and iframes, yet it provides no prominent safeguards around sensitive financial data handling, merchant trust verification, or consent boundaries. In the context of a spending-power skill, this is especially dangerous because it operationalizes direct use of raw payment credentials across arbitrary sites.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This guide explicitly instructs an agent to input full payment card details, including PAN and CVV, into checkout forms and payment iframes, but provides no guardrails about authorization, test-mode usage, PCI-sensitive handling, or avoiding live purchases. In the context of a wallet/spending skill, these directions materially enable real-world payment execution and increase the risk of unauthorized charges, improper handling of cardholder data, and accidental completion of live orders.

Missing User Warnings

High
Confidence
98% confidence
Finding
The instructions recommend using 'Buy it now' and proceeding through checkout without any warning that this places a real order and charges a payment method. Omitting a conspicuous consent step before submission is dangerous because the agent is being guided to complete an irreversible financial transaction on the user's behalf.

Missing User Warnings

High
Confidence
99% confidence
Finding
The guide contains detailed handling instructions for highly sensitive payment data, including card number, expiry, CVV, and cardholder name, but provides no privacy, storage, or exposure safeguards. This is dangerous because it normalizes direct processing of cardholder data in automation flows without minimizing data access, warning the user, or restricting how secrets are handled.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The description "Give your agent spending power." is highly broad and action-oriented, but does not constrain when the skill should be invoked or what spending boundaries apply. In a wallet/payment skill, vague invocation language increases the chance an agent will select the skill in loosely related shopping or payment contexts, potentially leading to unnecessary purchase flows or access to payment operations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill gives explicit instructions for entering full payment-card data, including decrypted card number and CVV, into checkout fields without any warning, consent boundary, or data-handling safeguard. In a wallet/spending-power skill, this materially increases the risk of unauthorized purchases, misuse of highly sensitive financial data, and unsafe agent behavior around PCI-regulated information.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The checkout guidance explicitly instructs an agent to fill billing, shipping, and payment fields, which involves handling highly sensitive personal and financial data. Because the skill provides operational steps for processing card data without clear consent, minimization, redaction, or escalation requirements, it increases the risk of unsafe collection, autofill, storage, or transmission of payment information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions tell the agent to input decrypted card number, expiry, and CVV into Stripe-hosted fields, which involves direct handling of highly sensitive financial data. Without prominent warnings, minimization controls, secure-use constraints, or explicit consent and audit requirements, this creates substantial risk of unauthorized spending, accidental disclosure, and unsafe processing of payment credentials.

External Transmission

Medium
Category
Data Exfiltration
Content
## Request x402 Payment Signature

```bash
curl -X POST https://creditclaw.com/api/v1/stripe-wallet/bot/sign \
  -H "Authorization: Bearer $CREDITCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
90% confidence
Finding
curl -X POST https://creditclaw.com/api/v1/stripe-wallet/bot/sign \ -H "Authorization: Bearer $CREDITCLAW_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
Use the `x_payment_header` value as-is in your retry request:
```bash
curl https://api.example.com/v1/data \
  -H "X-PAYMENT: eyJ0eXAiOi..."
```
Confidence
88% confidence
Finding
https://api.example.com/

VirusTotal

65/65 vendors flagged this skill as clean.
