Skill v1.0.7

ClawScan security

Kash - Agentic Payment Provider · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 25, 2026, 11:27 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, documentation, and declared requirements are internally consistent: it only needs a Kash API key and agent ID, calls the Kash API at api.kash.dev, and enforces local and server-side budget/confirmation rules as described.
Guidance: This skill appears to do what it says: it will send your KASH_KEY to api.kash.dev to make payments. Before installing, consider:
1) Keep KASH_KEY secret and only obtain it from kash.dev; never paste it in chat.
2) If you don't want any autonomous spending, set KASH_SPEND_CONFIRMATION_THRESHOLD=0 so every spend requires an explicit YES.
3) Set a conservative KASH_BUDGET (e.g., a small session cap) to limit exposure.
4) Do not set KASH_API_URL to an untrusted domain; the skill allows only api.kash.dev and localhost.
5) Monitor kash.dev/dashboard/transactions and be ready to pause the agent if you see unexpected charges.
These mitigations reduce the main risk: automated small charges that occur without per-transaction confirmation.

Review Dimensions

Purpose & Capability (ok)
Name and description match the implementation: the skill only requires KASH_KEY and KASH_AGENT_ID and provides functions to spend and check balance via api.kash.dev. No unrelated credentials, binaries, or install steps are requested.

Instruction Scope (ok)
SKILL.md and tools.ts both instruct the agent to call kash_spend before paid operations and to require user confirmation for spends above the threshold; they do not request reading unrelated files or secrets. Rules are explicit and scoped to payment actions.

Install Mechanism (ok)
There is no install step beyond an instruction-only skill plus a small TypeScript tool file. No external downloads, installers, or package installs are included.

Credentials (note)
Only KASH_KEY and KASH_AGENT_ID are required (KASH_BUDGET and KASH_API_URL are optional). This is proportionate for a payment provider. Note: by design, small spends below the confirmation threshold (default $5) are allowed autonomously; users should be aware of this implicit risk and configure KASH_SPEND_CONFIRMATION_THRESHOLD or KASH_BUDGET if they want stricter controls.

Persistence & Privilege (ok)
The skill is not forced-always and does not request elevated system-wide privileges. It can be invoked autonomously (platform default), which is expected for a payment skill; combine that with budget/threshold settings when assessing risk.