Skill v1.0.0
ClawScan security
AgentFin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 2:01 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requested access and runtime instructions are consistent with its stated purpose (issuing and managing virtual cards via a REST API), but it handles highly sensitive payments data and the publisher is unverified—exercise caution before installing.
- Guidance: This skill is internally coherent for controlling a third-party virtual-card service, but it performs very sensitive actions (revealing PAN/CVV, fetching OTPs, moving funds). Before installing: verify the vendor (agentfin.tech) and publisher reputation; only provide an API key with the minimum privileges and rotate it frequently; never store or log PAN/CVV/OTP values in plaintext; enable monitoring/alerts for API key use and unexpected charges; confirm you have the legal/contractual right to issue and use cards via this service; consider using an ephemeral or limited-scope key for testing; and treat the skill as high-risk if you cannot validate the provider or its regulatory compliance.
- Findings:
  - [no-code-to-scan] expected: Scanner found no code files to analyze; this is expected because the skill is instruction-only (SKILL.md contains curl examples). Absence of regex findings is not evidence of safety; the SKILL.md is the primary surface to review.
Review Dimensions
- Purpose & Capability (ok): Name/description (virtual cards, balance, credentials, OTP) matches the single required credential (AGENTFIN_API_KEY) and the API endpoints described in SKILL.md. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (ok): SKILL.md is instruction-only and limits actions to calling the AgentFin REST API (balance, card sensitive endpoint, inbox/latest-otp, topup, transactions). It does not instruct reading other files or environment variables, or transmitting data to third parties beyond the documented base URL.
- Install Mechanism (ok): No install spec and no code files — instruction-only skill (lowest install risk). Nothing is downloaded or written to disk by the skill itself.
- Credentials (ok): Only AGENTFIN_API_KEY is required and declared as the primary credential, which is proportionate for an API-based payment/card service.
- Persistence & Privilege (ok): Skill is not force-included (always:false) and does not request persistent system privileges or modification of other skills. Autonomous invocation is allowed by default but not excessive here.
