Kash - Agentic Payment Provider

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a transparent Kash payment integration, but installing it gives your agent the ability to spend wallet funds automatically, so it needs careful review.

Only install this if you intentionally want your agent to make payments from a Kash wallet. Use a dedicated low-balance wallet or a strict Kash dashboard budget, set KASH_SPEND_CONFIRMATION_THRESHOLD=0 for per-spend approval, keep KASH_KEY out of chat and logs, and avoid setting KASH_API_URL in production.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken, compromised, or prompt-injected agent could spend wallet funds, especially through repeated transactions below the confirmation threshold or by misusing the confirmation flag.

Why it was flagged

The spend tool performs a real payment API call. Amounts at or below the threshold proceed without confirmation, and larger spends are blocked only until the caller supplies confirmed=true, a flag the agent itself can set.

Skill content

  if (params.amount > SPEND_CONFIRMATION_THRESHOLD && !params.confirmed) { ... }
  ...
  fetch(`${KASH_API_URL}/api/agents/${KASH_AGENT_ID}/spend`, { method: 'POST', ... })

Recommendation

Set KASH_SPEND_CONFIRMATION_THRESHOLD=0 if you want approval for every spend, set a low Kash dashboard budget and KASH_BUDGET, and monitor or pause the agent from the Kash dashboard.

What this means

If the API URL override is misconfigured, the wallet key could be sent less safely than expected, and anyone with that key may be able to spend from the Kash agent wallet.

Why it was flagged

The Kash key is sent to the configured API URL. The override validation checks hostnames, but does not check the URL protocol, so an allowed non-HTTPS override could receive the wallet credential despite the security documentation emphasizing HTTPS.

Skill content

  const KASH_API_URL = process.env.KASH_API_URL || 'https://api.kash.dev'
  ...
  const isTrusted = TRUSTED_DOMAINS.some(d => url.hostname === d || url.hostname.endsWith(`.${d}`))
  ...
  'x-kash-key': KASH_KEY!

Recommendation

Leave KASH_API_URL unset unless developing locally, use only https://api.kash.dev in production, and rotate KASH_KEY if it may have been exposed.
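To illustrate the gap described in this finding, here is an added example (not the skill's own code) showing the hostname-only check beside a version that also requires HTTPS, permitting plain HTTP only to a loopback host for local development. TRUSTED_DOMAINS, LOOPBACK_HOSTS and the default URL are assumptions modelled on the excerpt above.

```javascript
// Added example, not part of the Kash skill: validate a KASH_API_URL override
// on both hostname and protocol before any request carrying the wallet key.
const DEFAULT_API_URL = 'https://api.kash.dev';
const TRUSTED_DOMAINS = ['kash.dev'];                      // assumed allowlist
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']); // assumed dev hosts

function hostIsTrusted(hostname) {
  return TRUSTED_DOMAINS.some(d => hostname === d || hostname.endsWith(`.${d}`));
}

// Hostname-only check as described in the finding: an http:// URL with an
// allowed hostname passes, so the key could be sent over plaintext.
function isTrustedHostOnly(override) {
  return hostIsTrusted(new URL(override).hostname);
}

// Hardened resolver: unset override -> default; otherwise the hostname must be
// allowlisted AND the scheme must be https, except http to a loopback host.
// Returns the origin to use, or throws so no request is ever made.
function resolveApiUrl(override) {
  if (!override) return DEFAULT_API_URL;
  let url;
  try {
    url = new URL(override);
  } catch {
    throw new Error('KASH_API_URL is not a valid URL');
  }
  if (url.username || url.password) {
    throw new Error('KASH_API_URL must not embed credentials');
  }
  if (url.protocol === 'https:' && hostIsTrusted(url.hostname)) return url.origin;
  if (url.protocol === 'http:' && LOOPBACK_HOSTS.has(url.hostname)) return url.origin;
  throw new Error(`refusing to send KASH_KEY to ${url.protocol}//${url.host}`);
}
```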