v1.1.0

ClawPay-Hedera

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:51 AM.

Analysis

Review before installing: this payment skill requires a Hedera wallet private key, and its example exposes that key on the command line despite warning not to.

Guidance: Install only if you intend to use Hedera/x402 paid MCP tooling. Use a dedicated testnet wallet key, do not reuse a mainnet or personal wallet key, avoid commands that place the private key in process arguments, keep low spending caps, and pin or verify the npm SDK version before setup.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
“Transact — Call the tool via MCP, ClawPay handles the USDC payment automatically” and “Default max: 0.1 USDC ... per call”

Automatic paid tool calls are central to the skill and capped by default, but they still authorize the agent to initiate payment flows when configured.

User impact: If enabled with a funded key, the agent may spend funds for paid MCP tool calls within the configured limits.
Recommendation: Keep the default testnet mode, set conservative per-call limits, and require explicit user approval before using any mainnet key or raising spending caps.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
scripts/setup.sh
npx @clawpay-hedera/sdk --version

The setup script invokes an unpinned npm package via npx. This is consistent with the Node-based SDK setup, but it means the installed code depends on the current npm package contents.

User impact: Future or compromised versions of the npm package could change what code runs during setup or use.
Recommendation: Pin a known-good SDK version where possible and install only from the expected @clawpay-hedera/sdk package source.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
“Always set `HEDERA_PRIVATE_KEY` as an env var — never pass it as a CLI argument...” and later: `--hedera-key "$HEDERA_PRIVATE_KEY"`

The artifact explicitly says not to expose the wallet private key through CLI arguments, but the provided connection command expands the environment variable into a command-line argument, where it may be visible in process listings or logs.

User impact: A Hedera private key could be exposed locally if the user follows the documented command, potentially allowing misuse of the associated wallet if the key is real or reused.
Recommendation: Use a dedicated testnet-only key, avoid reusing any wallet key, and prefer an SDK mode that reads HEDERA_PRIVATE_KEY directly from the environment without passing it as a command-line argument.