Skill Openclaw
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent payment skill, but it gives the agent real authority to move money and may log sensitive payment details, so it should be reviewed carefully before use.
Install only if you intentionally want your agent to spend or move funds. Set low per-transaction, daily, and monthly limits, keep wallet balances limited, require human confirmation for payment/off-ramp/order/approve tools, protect and rotate Oris credentials as needed, and review local logging before entering bank or payment details.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken, compromised, or overly broad agent task could move funds, place paid orders, or approve a pending payment within the configured provider limits.
The tools listed below are mutating financial tools exposed to the agent. Even though this matches the skill's purpose and the provider policy may limit spend, the artifacts do not show a local user-confirmation requirement before the agent can spend, withdraw, order, or approve.
`oris_pay` | Send a stablecoin payment ...
`oris_place_order` | Buy a service from another agent ...
`oris_approve_pending` | Approve an escalated payment ...
`oris_fiat_offramp` | Withdraw to bank account
Use strict Oris spending limits, keep only limited wallet funds available, and require explicit human approval in OpenClaw or the host environment for payment, marketplace order, off-ramp, and approve-pending tools.
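The confirmation gate and spending limits recommended above, as an added example that is not code from the Oris skill, OpenClaw, or the ClawScan report. The four tool names are taken from the SKILL.md excerpt; the `SpendPolicy` class, the limit values, the `amount` argument name, and the `confirm` callback are hypothetical and stand in for whatever the host environment actually provides.

```python
# Added example, not code from the Oris skill, OpenClaw, or ClawScan: a local
# approval gate between the agent and the skill's mutating tools. Tool names
# come from SKILL.md; SpendPolicy, the limits, `amount` and `confirm` are
# hypothetical.
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal, InvalidOperation
from typing import Any, Callable, Dict, Optional, Tuple

# Tools that spend, withdraw, order, or approve a pending payment.
MUTATING_FINANCIAL_TOOLS = frozenset({
    "oris_pay", "oris_place_order", "oris_approve_pending", "oris_fiat_offramp",
})

# Human-confirmation hook: (tool_name, arguments) -> approved?
Confirm = Callable[[str, Dict[str, Any]], bool]


@dataclass
class SpendPolicy:
    """Per-transaction, daily and monthly caps with in-memory running totals."""
    per_tx: Decimal
    daily: Decimal
    monthly: Decimal
    spent_by_day: Dict[str, Decimal] = field(default_factory=dict)
    spent_by_month: Dict[str, Decimal] = field(default_factory=dict)

    def check(self, amount: Decimal, today: date) -> str:
        """Return "" if the amount fits every limit, else the reason it does not."""
        day_key, month_key = today.isoformat(), today.strftime("%Y-%m")
        if amount > self.per_tx:
            return f"amount {amount} exceeds per-transaction limit {self.per_tx}"
        if self.spent_by_day.get(day_key, Decimal(0)) + amount > self.daily:
            return f"amount {amount} would exceed daily limit {self.daily}"
        if self.spent_by_month.get(month_key, Decimal(0)) + amount > self.monthly:
            return f"amount {amount} would exceed monthly limit {self.monthly}"
        return ""

    def record(self, amount: Decimal, today: date) -> None:
        """Add an approved amount to the running daily and monthly totals."""
        day_key, month_key = today.isoformat(), today.strftime("%Y-%m")
        self.spent_by_day[day_key] = self.spent_by_day.get(day_key, Decimal(0)) + amount
        self.spent_by_month[month_key] = self.spent_by_month.get(month_key, Decimal(0)) + amount


def make_policy(per_tx: str, daily: str, monthly: str) -> SpendPolicy:
    """Build a policy from decimal strings so callers never touch floats."""
    return SpendPolicy(Decimal(per_tx), Decimal(daily), Decimal(monthly))


def parse_amount(arguments: Dict[str, Any]) -> Decimal:
    """Read the hypothetical `amount` argument; reject negative, NaN or malformed values.

    A missing amount counts as 0 for limit accounting (approve_pending may only
    carry an id); the call still needs human confirmation below.
    """
    raw = arguments.get("amount", "0")
    try:
        amount = Decimal(str(raw))
    except InvalidOperation as exc:
        raise ValueError(f"malformed amount {raw!r}") from exc
    if not amount.is_finite() or amount < 0:
        raise ValueError(f"invalid amount {raw!r}")
    return amount


def guard_tool_call(policy: SpendPolicy, tool_name: str, arguments: Dict[str, Any],
                    confirm: Confirm, today: Optional[date] = None) -> Tuple[bool, str]:
    """Decide whether the agent may invoke `tool_name` with `arguments`.

    Limits are enforced before the human is asked, so a call that would be
    rejected anyway never turns into an approval prompt. Read-only tools pass.
    """
    today = today or date.today()
    if tool_name not in MUTATING_FINANCIAL_TOOLS:
        return True, "not a mutating financial tool"
    try:
        amount = parse_amount(arguments)
    except ValueError as exc:
        return False, str(exc)
    reason = policy.check(amount, today)
    if reason:
        return False, reason
    if not confirm(tool_name, arguments):
        return False, "human confirmation declined or absent"
    policy.record(amount, today)
    return True, f"approved by human, {amount} recorded against limits"


if __name__ == "__main__":
    policy = make_policy("50", "100", "500")

    def ask(tool: str, args: Dict[str, Any]) -> bool:
        # Interactive prompt; tests replace this with a fixed answer.
        return input(f"Allow {tool}({args})? [y/N] ").strip().lower() == "y"

    print(guard_tool_call(policy, "oris_pay", {"amount": "25", "to": "0xabc"}, ask))
```

The gate fails closed: a malformed or negative amount, a limit breach, or a declined prompt all return a denial with a reason the agent can surface, and only a confirmed call is counted against the daily and monthly totals.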
Anyone who can read or misuse these credentials may be able to act as the configured Oris agent and attempt payment operations.
The skill clearly discloses local storage and use of Oris credentials. This is purpose-aligned, but those credentials authorize payment operations.
Your credentials are stored in your local OpenClaw config. They are used to sign authenticated requests to the Oris API (api.useoris.finance) when your agent performs payment operations.
Protect the OpenClaw config file, use revocable/least-privilege credentials where available, and rotate the Oris key and secret if the local machine or config file may have been exposed.
Sensitive transaction or banking details could be retained in local OpenClaw/MCP logs or any log collection configured for the host.
The MCP server logs tool names and the first 200 characters of tool arguments. For this skill, arguments can include payment amounts, recipient addresses, purposes, and bank account identifiers.
logger.info("tool call: %s(%s)", tool_name, json.dumps(arguments, default=str)[:200])

Redact or disable argument logging for financial tools, especially `destination_account`, recipient addresses, amounts, and payment purposes. The 200-character cut is not a redaction: a short payload fits within the limit and is logged in full.
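A redacting replacement for the logging line above, added here as an example; it is not the MCP server's or the skill's own code. It assumes the `oris_` tool-name prefix seen in the report and a list of sensitive key fragments, both of which should be checked against the argument names in the skill's SKILL.md. Redaction runs before the 200-character truncation so the cut never decides what leaks.

```python
# Added example, not the MCP server's own code: mask payment fields before the
# tool-call log line is formatted and truncated. The `oris_` prefix and the
# sensitive key fragments are assumptions to verify against SKILL.md.
import json
import logging
import re
from typing import Any, Dict

# Only the payment skill's tools get argument redaction; other tools log unchanged.
FINANCIAL_TOOL_PREFIX = "oris_"

# Any argument key containing one of these fragments (case-insensitive) is masked.
# Over-matching (e.g. "email_address") is acceptable for a log line.
SENSITIVE_KEY_RE = re.compile(
    r"account|recipient|address|amount|purpose|memo|iban|routing|wallet",
    re.IGNORECASE,
)
REDACTED = "[REDACTED]"
LOG_LIMIT = 200

logger = logging.getLogger("mcp.tools")


def redact(obj: Any) -> Any:
    """Recursively mask values whose key matches SENSITIVE_KEY_RE, through nested dicts and lists."""
    if isinstance(obj, dict):
        return {
            k: (REDACTED if SENSITIVE_KEY_RE.search(str(k)) else redact(v))
            for k, v in obj.items()
        }
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def redact_arguments(tool_name: str, arguments: Dict[str, Any]) -> Dict[str, Any]:
    """Apply redaction only to the payment skill's tools."""
    if tool_name.startswith(FINANCIAL_TOOL_PREFIX):
        return redact(arguments)
    return arguments


def format_tool_call(tool_name: str, arguments: Dict[str, Any], limit: int = LOG_LIMIT) -> str:
    """Build the same message the original logger.info produced, redacted before the cut."""
    payload = json.dumps(redact_arguments(tool_name, arguments), default=str)
    return "tool call: %s(%s)" % (tool_name, payload[:limit])


def log_tool_call(tool_name: str, arguments: Dict[str, Any]) -> str:
    """Drop-in replacement for the original logging line; returns the message for inspection."""
    message = format_tool_call(tool_name, arguments)
    logger.info("%s", message)
    return message


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample call; the account string is made up, not a real IBAN.
    log_tool_call("oris_fiat_offramp", {
        "amount": "250.00",
        "currency": "USDC",
        "destination_account": "DE00 0000 0000 0000 0000 00",
    })
    log_tool_call("get_time", {"tz": "UTC"})
```

Keys are matched rather than values because account numbers, wallet addresses and free-text purposes have no reliable shape to pattern-match; masking by key name is predictable and cheap to audit against the tool schema.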
Users have less registry-level assurance about the origin of the code that will handle payment credentials.
The registry source is not identified. This is not evidence of malicious behavior, but provenance matters more for a skill that handles credentials and payments.
Source: unknown
Verify the publisher, homepage, and package source before installing, and prefer pinned/reproducible releases for financial automation.
