Skill v2.9.5

ClawScan security

CreditClaw Wallet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 26, 2026, 7:10 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions are consistent with a payment/spending capability: it only asks for a single CREDITCLAW_API_KEY and provides detailed, payment-specific runtime guidance; nothing requires unrelated credentials or binaries.
Guidance
This skill is internally coherent for giving an agent spending power, but it performs highly sensitive actions: it will request approval, retrieve single-use decryption keys, decrypt card details in memory, and command the agent to type card data into third-party merchant pages. Before installing, verify you trust the vendor (CreditClaw), store the CREDITCLAW_API_KEY securely, and ensure the owner's approval mode is strict (e.g., ask_for_everything) so the agent cannot spend without explicit owner confirmation. Note minor metadata inconsistencies in the package manifest (some files claim a homepage and primaryEnv while the registry summary omitted them); confirm the skill's source (homepage/repo) and review any platform-level webhook callback URLs you register. Finally, treat this skill as high-sensitivity: limit which agents get the key, monitor transaction logs closely, and revoke/freeze the wallet immediately if anything unexpected occurs.

Review Dimensions

Purpose & Capability
ok: The skill is described as giving the agent spending power and the only required environment variable is CREDITCLAW_API_KEY. All documented API calls, checkout flows, and browser automation steps directly map to that purpose.
Instruction Scope
note: The SKILL.md and companion guides instruct the agent to request approvals, retrieve a one-time decryption key, decrypt card data in-memory, and type card details into merchant checkouts. This is expected for a wallet/checkout skill but is inherently sensitive because the agent will handle raw card data and interact with third-party merchant pages. The files include explicit security guidance (do not leak the API key, discard decrypted card data).
Install Mechanism
ok: Instruction-only skill (no install spec, no downloaded code). This minimizes installation risk — nothing is written to disk by the package itself.
Credentials
ok: Only a single credential (CREDITCLAW_API_KEY) is requested, which is proportional for a service that authorizes spending. The instructions consistently use that key and do not request unrelated secrets.
Persistence & Privilege
note: always:false (normal). The skill allows autonomous invocation (disable-model-invocation:false), which is the platform default; combined with possession of CREDITCLAW_API_KEY this enables the agent to initiate spend flows autonomously if approval mode permits. The skill documentation emphasizes default 'ask_for_everything' approval, but owners should verify their configured approval mode before enabling the skill.