Back to skill
Skillv5.5.3
ClawScan security
MoneyClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 30, 2026, 1:52 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- MoneyClaw's declared requirements and runtime instructions line up with a payment-agent helper: it only asks for a single MoneyClaw API key and instructs the agent to call MoneyClaw APIs for bounded, user-approved payment tasks.
- Guidance
- This skill appears coherent, but remember: granting MONEYCLAW_API_KEY lets the skill call your MoneyClaw account. Before installing: (1) verify you trust https://moneyclaw.ai and the operator; (2) prefer using a low-balance or test/prepaid account and keep agentAutoApprove disabled unless you explicitly need autonomous approvals; (3) confirm the API key scope and rotate or revoke keys when not in use; (4) monitor dashboard activity / inbox for unexpected payment intents; and (5) review MoneyClaw's terms/privacy and webhook handling if you plan to enable merchant features. If you need higher assurance, ask the publisher for an auditable API key policy or a scoped/test key you can evaluate first.
Review Dimensions
- Purpose & Capability
- okThe skill's name and description (inspect wallet, create payment intents, continue user-confirmed payments) match the single required credential (MONEYCLAW_API_KEY) and the API endpoints documented in SKILL.md and references. Nothing requested (no extra env vars, no binaries, no config paths) is unrelated to payment operations.
- Instruction Scope
- okSKILL.md limits operations to reading /api/me, creating and inspecting payment-intents, obtaining credentials only after explicit user confirmation, and reconciling settled charges. It repeatedly warns to stop and ask the user unless auto-approval is enabled. There are no instructions to read unrelated files, exfiltrate other credentials, or contact external endpoints beyond moneyclaw.ai and the documented widget/public endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — the lowest-risk install footprint. The skill does not attempt to download or write code to disk.
- Credentials
- okOnly one required environment variable (MONEYCLAW_API_KEY) is declared and used in the instructions; that is appropriate for an API-based payment service. The documentation explicitly treats agent auto-approval as sensitive and requires confirmation before spending, which helps justify the API key requirement.
- Persistence & Privilege
- okalways is false, user-invocable is true, and agents/openai.yaml sets allow_implicit_invocation: false, meaning the skill won't be implicitly invoked; it does not request elevated or persistent system privileges.