Skill v1.0.2

ClawScan security

Chase Bank - Give your Claw Agent a credit card · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 9:02 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements and runtime instructions are coherent with its stated purpose: it needs one CreditClaw API key and only instructs the agent to call creditclaw.com endpoints and optionally store skill docs locally.
Guidance
What to consider before installing:
1) Verify the service domain and trustworthiness of https://creditclaw.com before placing an API key there.
2) Only provide an API key if you intend the agent to be able to make purchases; consider creating a limited-scope or low-balance API key (or spending limits) and keep approval_mode set to 'ask_for_everything' until you trust its behavior.
3) The skill's curl examples will store files under ~/.creditclaw if you follow them; review those downloaded files before executing anything local.
4) Be aware that following the heartbeat guidance causes periodic network requests using your API key; configure or disable that if you don't want automated polling.
5) Monitor purchases and revoke the API key immediately if you see unexpected activity.
If you are unsure about the legitimacy of creditclaw.com, do not install or share your API key.

Review Dimensions

Purpose & Capability: ok
Name/description (an agent shopping helper) align with required artifacts: a single CREDITCLAW_API_KEY and API calls against https://creditclaw.com/api/v1. There are no unrelated environment variables, binaries, or install steps that would be out of scope for a payment/checkout integration.
Instruction Scope: note
SKILL.md explicitly instructs the agent to call creditclaw.com endpoints (status, spending, rail checks, top-up requests) and gives curl examples using the CREDITCLAW_API_KEY. That is within scope. It also suggests downloading skill docs into ~/.creditclaw/skills/creditcard (which writes files to the user's home) and running a periodic heartbeat routine (polling the API). Those behaviors are reasonable for this purpose but do introduce persistent local files and periodic network traffic; the user should be aware of that.
Install Mechanism: ok
Instruction-only skill with no install spec and no code files. No packages are downloaded or executed by the platform itself, which minimizes install-time risk.
Credentials: ok
Only one required environment variable (CREDITCLAW_API_KEY) is declared and used in the instructions. That single credential is proportionate to a payment API integration and is declared as the primary credential.
Persistence & Privilege: note
The skill does not force permanent inclusion (always: false). The instructions encourage storing files in ~/.creditclaw and running periodic heartbeats; these are user-driven actions. Be mindful that periodic polling (if configured) will repeatedly use the API key and generate network requests; this increases blast radius only if you choose to install/run those routines.