Skill v1.0.1
ClawScan security
Card Management · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 20, 2026, 8:07 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose (manage MasterPay virtual cards) mostly matches its instructions, but there are coherence gaps around authentication and dependencies that you should understand before installing.
- Guidance: This skill appears to implement MasterPay card-management flows, but there are some missing integration details you should confirm before installing:
  - Authentication: The skill demands a valid bearer token for every API call but does not declare how to obtain or store that token (no API_KEY, CLIENT_ID/SECRET, or auth flow described). Ask the publisher how the agent is expected to authenticate (platform-managed session, OAuth flow, API key via another env var, etc.).
  - PrimaryEnv misuse: AIOT_API_BASE_URL is listed as the "primary credential" but is just a URL; make sure no secret was accidentally omitted.
  - Sensitive operations: The skill can return full card numbers, CVVs, and ATM PINs. Ensure you trust the skill/agent runtime and that logs, transcripts, and backups will not persist those values. Follow the SKILL.md guidance to require the transaction PIN interactively and never cache it.
  - External dependency: SKILL.md calls get_kyc_status from a kyc-identity skill but doesn't declare that dependency. Verify that your agent has that skill available and that cross-skill calls are secure.

  If the publisher can show how authentication is performed (and add explicit required env vars for tokens/keys or confirm platform-managed auth) and document any cross-skill dependencies, this assessment could be upgraded to benign. As-is, treat it as suspicious and verify these gaps before granting access or entering transaction PINs.
Review Dimensions
- Purpose & Capability
  - note: The name and description match the documented API endpoints and operations (create/list/lock/unlock/cancel cards). Requiring an API base URL is expected. However, marking the API base URL as the "primary credential" is odd (a URL is not a secret credential) and the skill does not declare how bearer tokens or other auth are obtained, which is a proportionality/integration mismatch.
- Instruction Scope
  - note: The SKILL.md stays focused on card management flows and explicitly calls out KYC checks, wallet KYC, transaction PIN usage, and sensitive-handling rules. It references another skill (kyc-identity:get_kyc_status) for KYC verification but does not declare that dependency. Instructions require verifying bearer tokens before calls but give no guidance for obtaining those tokens; this is an ambiguity that could lead to unexpected agent behavior.
- Install Mechanism
  - ok: Instruction-only skill with no install spec or code files; nothing is written to disk and there are no third-party installs. Low installation risk.
- Credentials
  - concern: Only AIOT_API_BASE_URL is declared as a required env var; yet every endpoint is marked "Requires auth" and several operations require a transaction PIN. The skill does not declare any auth token, API key, or secret environment variables nor explain how bearer tokens or transaction PIN verification are handled. Declaring a URL as the primary credential is disproportionate and unclear.
- Persistence & Privilege
  - ok: The skill is not force-installed (always: false) and does not request persistent system privileges. It explicitly instructs not to cache transaction PINs and to avoid logging secrets, which is appropriate.
