MoneyClaw
v5.5.3
Inspect a MoneyClaw wallet, create bounded payment tasks, and continue user-confirmed payment steps using a prepaid account. Use only when the user clearly a...
⭐ 0· 591·2 current·2 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description (inspect wallet, create payment intents, continue user-confirmed payments) match the single required credential (MONEYCLAW_API_KEY) and the API endpoints documented in SKILL.md and references. Nothing requested (no extra env vars, no binaries, no config paths) is unrelated to payment operations.
Instruction Scope
SKILL.md limits operations to reading /api/me, creating and inspecting payment-intents, obtaining credentials only after explicit user confirmation, and reconciling settled charges. It repeatedly warns to stop and ask the user unless auto-approval is enabled. There are no instructions to read unrelated files, exfiltrate other credentials, or contact external endpoints beyond moneyclaw.ai and the documented widget/public endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files — the lowest-risk install footprint. The skill does not attempt to download or write code to disk.
Credentials
Only one required environment variable (MONEYCLAW_API_KEY) is declared and used in the instructions; that is appropriate for an API-based payment service. The documentation explicitly treats agent auto-approval as sensitive and requires confirmation before spending, which helps justify the API key requirement.
Persistence & Privilege
always is false, user-invocable is true, and agents/openai.yaml sets allow_implicit_invocation: false, meaning the skill won't be implicitly invoked; it does not request elevated or persistent system privileges.
Assessment
This skill appears coherent, but remember: granting MONEYCLAW_API_KEY lets the skill call your MoneyClaw account. Before installing: (1) verify you trust https://moneyclaw.ai and the operator; (2) prefer using a low-balance or test/prepaid account and keep agentAutoApprove disabled unless you explicitly need autonomous approvals; (3) confirm the API key scope and rotate or revoke keys when not in use; (4) monitor dashboard activity / inbox for unexpected payment intents; and (5) review MoneyClaw's terms/privacy and webhook handling if you plan to enable merchant features. If you need higher assurance, ask the publisher for an auditable API key policy or a scoped/test key you can evaluate first.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Env: MONEYCLAW_API_KEY
Primary env: MONEYCLAW_API_KEY
