GoCardless Agentic Payment | Give your Agent a CreditCard with this Partner

Security checks across malware telemetry and agentic risk

Overview

This is a real CreditClaw payment-control skill, but its high-impact spending and card-handling powers plus provider-label ambiguity need human review before installation.

Install only if you intentionally trust CreditClaw, not just the GoCardless label, to handle payment credentials and agent spending. Use a dedicated low-limit account or payment method, keep ask-for-everything approval enabled unless you have a clear reason to relax it, store CREDITCLAW_API_KEY and webhook secrets only in a secrets manager, avoid logging Authorization headers or card data, and require explicit confirmation before purchases, invoice emails, public shop publishing, Crossmint orders, or card-decryption checkout flows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill explicitly supports collecting buyer names and emails, and invoice/sales responses include recipient and buyer email addresses, but it provides no guidance on data minimization, consent, storage, retention, or regulatory handling. In a payments context, omission of privacy and PII-handling precautions can lead agent builders to expose or mishandle customer data in logs, callbacks, or downstream systems.

Missing User Warnings

Medium
Confidence: 93%
Finding
The examples repeatedly show use of a bearer API key for payment operations but never warn that the credential is highly sensitive or should be kept server-side. In a financial skill, this omission is dangerous because agents or developers may embed the key in client-side code, prompts, logs, or shared artifacts, enabling unauthorized creation of payment pages, invoice sending, and access to sales data.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide instructs agents to send real-world purchase requests containing sensitive personal data, including full shipping address and authorization credentials, to an external API without a prominent warning about data disclosure and real financial consequences. In an agent-skill context, this increases the chance of unintended purchases, privacy exposure, and unsafe automation because operators may treat the example as routine API usage rather than a high-risk action.

Missing User Warnings

Medium
Confidence: 88%
Finding
The manifest requests a financial API credential and points to a network API for payment and wallet operations, but provides no inline user-facing warning that installing or enabling the skill grants access to sensitive monetary actions. In this context, the omission is dangerous because an agent may be given live spending capability without clear disclosure of financial risk, credential sensitivity, or transaction side effects.

External Transmission

Medium
Category: Data Exfiltration
Content
Once the checkout is approved, call this endpoint to retrieve the one-time decryption key:

```bash
curl -X POST https://creditclaw.com/api/v1/bot/rail5/key \
  -H "Authorization: Bearer $CREDITCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "checkout_id": "r5chk_abc123" }'
```
Confidence: 81%

VirusTotal

66/66 vendors flagged this skill as clean.
