Billing
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only billing reference; it contains high-impact payment examples, but they are disclosed and aligned with the stated purpose.
This skill appears safe to install as an instruction-only billing guide. Before applying its examples, review any code that creates charges, refunds, subscriptions, invoices, connected accounts, or stores billing/KYC data, and test thoroughly with non-production credentials.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If users copy these examples into production without proper checks, they could unintentionally charge customers or mutate billing state.
This is a live-payment API pattern that could charge a customer if implemented with real credentials. It is expected for a billing skill and is presented as a code example, not an automatic action.
const intent = await stripe.paymentIntents.create({
  amount: 5000,
  currency: 'usd',
  customer: customerId,
  payment_method: pmId,
  off_session: true,
  confirm: true
});
Use test mode first, require clear business/user authorization for live charges, add idempotency keys, and review all billing mutations before deployment.
Improper handling of KYC data or connected-account permissions could expose sensitive identity information or affect vendor payouts.
Marketplace onboarding examples involve sensitive KYC identity information and connected-account authority. This is purpose-aligned for marketplace payments, but it requires careful handling.
individual: {
  first_name: 'Jane',
  last_name: 'Doe',
  ssn_last_4: '1234', // Or full SSN
  address: { /* ... */ }
}
Prefer provider-hosted onboarding, minimize locally stored KYC data, restrict Stripe/API credentials to required scopes, and follow applicable privacy and compliance requirements.
