CreditClaw - Give your Claw Agent a credit card - spend anywhere
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This is a legitimate-looking payment integration, but it can let your agent spend real money automatically within configured limits, so it needs careful review.
Use this skill only if you genuinely want your agent to make purchases or payments. Before enabling it, configure strict spending caps, require human approval where possible, use merchant/domain allowlists, keep the API key secret, review any remotely fetched guide files, and monitor all transactions from the CreditClaw dashboard.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: A mistaken task, prompt injection, or over-broad agent goal could cause real spending within the owner's configured limits, including subscriptions or purchases at online merchants.
Detail: The skill instructs the agent to use a checkout API for broad merchant purchases, and purchases can complete without per-transaction human approval when they fall within the configured allowance.
Evidence (quoted from the skill): Use this rail for: Any online store ... If the amount is within your auto-approved allowance, it processes immediately
Recommendation: Install only if you intentionally want the agent to make purchases. Use ask-for-everything approval, low transaction and daily caps, merchant allowlists, blocked categories, and transaction monitoring.
Finding 2
Impact: If the key is exposed in logs, prompts, shell history, or to another domain, someone else may be able to spend from the owner's CreditClaw wallet.
Detail: The required API key is a high-impact payment credential. The artifact does warn to send it only to creditclaw.com, which makes this purpose-aligned but sensitive.
Evidence (quoted from the skill): Your API key is your identity. Leaking it means someone else can spend your owner's money.
Recommendation: Store the key as a secret, avoid echoing or logging it, restrict it to CreditClaw API calls, and rotate it if there is any chance it was exposed.
Finding 3
Impact: A payment header sent to the wrong resource or recipient could authorize payment to an unintended party.
Detail: The skill supports sending payment authorizations to external services and other agents. This is disclosed and purpose-aligned, but users should verify recipient and domain controls.
Evidence (quoted from the skill): Use this rail for: x402-enabled services, agent-to-agent payments ... returns an `X-PAYMENT` header ... retry your original request with the `X-PAYMENT` header
Recommendation: Enable domain allowlists, verify recipient addresses and requested amounts, and avoid agent-to-agent payments unless you explicitly need them.
Finding 4
Impact: Remote notes could influence the agent's behavior beyond a single purchase if treated as broad instructions.
Detail: The agent is told to cache and follow instructions returned by the remote spending-permissions endpoint. That is likely intended owner control, but it should remain scoped to spending decisions.
Evidence (quoted from the skill): Cache this response for up to 30 minutes ... `notes` — read and follow these; they are direct instructions from your owner
Recommendation: Treat returned notes as payment-policy guidance only, and do not let them override the user's current task or core safety rules.
Finding 5
Impact: Additional fetched documentation could change the agent's shopping workflow after this review.
Detail: The skill suggests fetching additional remote skill documentation files, including referenced files that are not included in the reviewed manifest. This is documentation, not executable code, but it means not all operational guidance was reviewed here.
Evidence (quoted from the skill): curl -s https://creditclaw.com/creditcard/shopping.md > ~/.creditclaw/skills/creditcard/SHOPPING.md
Recommendation: Review any remotely fetched files before use, especially purchase-flow guides, and prefer pinned or versioned artifacts when available.
Finding 6
Impact: If scheduled, the agent may keep making periodic CreditClaw API calls and may prompt for top-ups when balances are low.
Detail: The artifact suggests recurring status and spending-permission checks. There is no bundled daemon or persistence code, so this is a user-directed operational routine rather than hidden persistence.
Evidence (quoted from the skill): # CreditClaw Heartbeat (suggested: every 30 minutes) Run this routine periodically
Recommendation: Only schedule the heartbeat if you want ongoing wallet monitoring, and keep it within the documented rate limits.
