PayLobster
Status: Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is for real crypto payments and spending permissions, but the artifacts do not clearly bound approvals, credentials, or the hosted payment service, so it should be reviewed before use.
Treat this as a real-money crypto payment integration. Before enabling it, verify the PayLobster service and packages, use a limited wallet or treasury, require explicit confirmation for every transaction, set very small spending allowances, and know how to revoke permissions, subscriptions, and streams.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Automatic spending through a payment protocol
Impact: An agent could incur real payment charges or initiate high-impact financial workflows without the user noticing each action.
Analysis: This shows the skill supports automatic spending through a payment protocol; for a financial skill, that needs explicit caps and approval boundaries that are not clearly established in the provided artifact.
Evidence: "Every PayLobster API is payable via HTTP 402: ... Agent pays for service automatically ... Service executes"
Recommendation: Use only with explicit per-transaction confirmation, hard spending limits, and a wallet/account that contains only funds you are willing to risk.

Finding 2: Delegated spending authority
Impact: A connected agent could spend from a treasury within the delegated allowance, potentially causing real financial loss.
Analysis: This grants delegated spending authority to an agent. The registry metadata declares no primary credential or env vars, and the visible instructions do not clearly describe revocation, expiry, or required user confirmation.
Evidence: await createSpendPermission(treasury, agent, 'USDC', '100', 1); // 100 USDC/day
Recommendation: Create spend permissions only after explicit wallet review, keep limits very low, set short expirations, and verify how to revoke permissions before enabling the skill.

Finding 3: Missing provenance
Impact: Users have less information to verify that the payment service and any referenced packages are the intended, legitimate components.
Analysis: For a financial integration that also references external hosted, SDK, and CLI interfaces, missing provenance is important context, although the provided artifact does not show automatic installation or hidden code execution.
Evidence: Source: unknown; Homepage: none
Recommendation: Manually verify the PayLobster domain, package names, publisher, and documentation before using any SDK, CLI, or hosted MCP endpoint with funds.

Finding 4: Hosted MCP server as an external control plane
Impact: Financial instructions and wallet-related data may be sent to the hosted service, so a compromised or impersonated endpoint could affect payment decisions.
Analysis: The hosted MCP server is purpose-aligned, but it is an external control plane for wallet addresses, transaction intents, signatures, and payment actions; the visible artifact does not define the data boundary or authentication model.
Evidence: "Use the hosted MCP server (paylobster.com/mcp/mcp) ... process USDC payments on Base mainnet."
Recommendation: Verify the MCP endpoint, avoid sending unnecessary secrets, and require local wallet confirmation before any transaction is signed or submitted.

Finding 5: Recurring billing and streaming payments
Impact: A mistaken setup could continue billing or streaming funds until it is cancelled or revoked.
Analysis: Recurring billing and streaming payments are expected payment features, but they create continuing obligations beyond a single interaction; the visible artifact does not show clear cancellation or containment instructions.
Evidence: `merchant_create_subscription` — Set up recurring billing
Recommendation: Confirm all recurring or streaming payments manually, document cancellation steps, and monitor active permissions/subscriptions.
