Skill v1.3.2
ClawScan security
CreditClaw - Give your Claw Agent a credit card - spend anywhere · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 8:45 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's claims, required credential, and runtime instructions are consistent with a payment/checkout integration for agents — it only requires a single CreditClaw API key and talks to creditclaw.com endpoints.
- Guidance: This skill appears internally consistent for letting an agent make purchases through CreditClaw. Before installing:
  1. Only provide a CREDITCLAW_API_KEY you trust — create a limited-scope key if possible and rotate it if compromised.
  2. Keep the agent's approval_mode restrictive (ask-for-everything) until you trust its behavior, so it cannot spend without your sign-off.
  3. Review the remote docs (https://creditclaw.com) yourself before using the provided curl-save commands; saving remote files to ~/.creditclaw/skills persists content that could change if the site is compromised.
  4. Do not paste the API key into other services or prompts; follow the skill's own guidance to only send it to creditclaw.com.
  If you need greater assurance, request source or a privacy/security policy from the vendor (creditclaw.com), or limit the agent to manual, human-invoked flows only.
Review Dimensions
- Purpose & Capability (ok): The skill is a payment/checkout helper and only requires CREDITCLAW_API_KEY and access to creditclaw.com APIs; that credential is exactly what a remote payment service would need. No unrelated credentials, binaries, or system paths are requested.
- Instruction Scope (note): SKILL.md instructs the agent to call CreditClaw endpoints (GET /bot/status, POST /bot/merchant/checkout, stripe-wallet endpoints, etc.) and to include Authorization: Bearer $CREDITCLAW_API_KEY. It also suggests optionally downloading the skill files into ~/.creditclaw/skills (via curl), which writes remote content to disk — this is outside pure in-memory operation but is consistent with storing companion docs. There are no instructions to read unrelated local files or to send the API key to domains other than creditclaw.com (the document explicitly warns against that).
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files to execute. The only potentially persistent action shown is the optional curl commands that fetch docs from creditclaw.com; those downloads come from the skill's stated homepage and are not arbitrary or obfuscated URLs.
- Credentials (ok): Only one environment variable (CREDITCLAW_API_KEY) is required and marked as primary; that is appropriate and proportionate for a remote payment API. The SKILL.md uses that single credential for Authorization headers and does not reference other secrets.
- Persistence & Privilege (note): The skill is user-invocable and not always-on. It does suggest saving files into the user's home (~/.creditclaw/skills), which creates persisted documentation on disk. Autonomous invocation is allowed by default (platform normal), so consider whether you want the agent to have any ability to act without immediate human confirmation — however, the skill's default described behavior (approval_mode: ask_for_everything) is conservative.
