Skill v1.0.17

ClawScan security

JPMorgan Claw - Give your Claw Agent spending powers · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 1:25 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior (allowing agents to register and spend via a service) aligns with its stated purpose, but there are multiple inconsistencies and mild installation/data-exfiltration risks you should understand before using it.
Guidance
This skill is a payments/spending integration and can therefore trigger real financial transactions; only install it if you fully trust the provider. Before installing:
1. Verify the publisher and the domain (creditclaw.com), and find out why the registry name references 'JPMorgan' (possible mislabeling or a marketing-copy error).
2. Confirm the developer's identity and the TLS certificate served by creditclaw.com.
3. Do not hand a real or high-value API key to an agent until you have verified the owner-side controls; test with minimal funds first.
4. Ask the publisher to correct the registry metadata so that the required environment variable (CREDITCLAW_API_KEY) is declared.
5. Do not run the curl install lines blindly; download to a temporary location and inspect the files before writing them into ~/.creditclaw or acting on them.
6. Make sure human approval and owner-dashboard controls are in place and tested, so the agent cannot spend funds without the oversight you expect.
If the publisher corrects the metadata and you independently verify the service and its ownership, the skill becomes more coherent; until then, treat it with caution.

Review Dimensions

Purpose & Capability
note
The skill claims to enable agent spending, and the API endpoints and flows in SKILL.md match that purpose. However, the public-facing name in the registry (which mentions 'JPMorgan') does not match the implementation or homepage (creditclaw.com); this is misleading and worth verifying with the publisher.
Instruction Scope
concern
SKILL.md and HEARTBEAT.md instruct the agent to register, obtain an API key, poll balance and permissions, and make spending and top-up requests to creditclaw.com, all of which is expected for a payments integration. But the instructions also tell the agent to download remote SKILL.md and heartbeat.md files via curl into ~/.creditclaw (writing to disk) and assume an environment variable ($CREDITCLAW_API_KEY) is present. The registry metadata supplied for this scan did not list any required environment variables, so the runtime instructions read a credential the registry listing never declared. That is incoherent and a potential surprise for users.
Install Mechanism
note
There is no formal install spec in the registry, but SKILL.md provides shell curl commands that download files from https://creditclaw.com into the user's home directory. Downloading vendor-provided documentation is common, but any download-from-URL install step raises the risk if you do not trust the domain or cannot check integrity, and no checksums or signed releases are provided here. Because the downloaded files are the instructions the agent will follow, whoever controls the domain (or can tamper with the download) controls the agent's behavior.
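The guidance above asks you to inspect downloaded files rather than pipe curl straight into ~/.creditclaw. The following is an added example (not code from the ClawHub page or from the creditclaw.com skill) of a checksum-gated install: the fetched content is written to disk only if its SHA-256 matches a value obtained out of band from the publisher. The URL, the filename and the assumption that the publisher can supply such a hash are illustrative; the scan report shows no real values.

```python
"""Checksum-gated install for a vendor-provided skill file (added example).

Replaces a blind `curl ... > ~/.creditclaw/SKILL.md` with a download whose
bytes are only written to disk if they match a pinned SHA-256. URL, filename
and the existence of a publisher-supplied hash are assumptions for illustration.
"""
import hashlib
import hmac
import os
import urllib.request
from pathlib import Path
from typing import Optional

SKILL_DIR = Path.home() / ".creditclaw"   # directory named in the scan report


def download(url: str, timeout: float = 10.0) -> bytes:
    """Fetch bytes over HTTPS. urllib verifies the server certificate against
    the system trust store by default; a non-HTTPS URL is refused outright."""
    if not url.startswith("https://"):
        raise ValueError(f"refusing non-HTTPS URL: {url}")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def install_if_verified(data: bytes, expected_sha256: str, name: str,
                        dest_dir: Path = SKILL_DIR) -> Optional[Path]:
    """Write `data` to dest_dir/name only if its SHA-256 equals the pinned value.
    Returns the written path, or None (writing nothing) on mismatch.
    `name` must be a bare filename so a hostile manifest cannot escape dest_dir."""
    if name in ("", ".", "..") or Path(name).name != name:
        raise ValueError(f"bad filename: {name!r}")
    actual = sha256_hex(data)
    # constant-time comparison; cheap, and never leaks how much of the hash matched
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        return None
    dest_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    target = dest_dir / name
    tmp = target.with_suffix(target.suffix + ".part")
    # owner-only file, written to a temp path and renamed so a reader never
    # observes a half-written SKILL.md
    with open(os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "wb") as f:
        f.write(data)
    os.replace(tmp, target)
    return target


def self_check() -> dict:
    """Exercise both branches on a constructed payload in a temp directory."""
    import tempfile
    data = b"# SKILL.md (constructed sample, not the vendor's file)\n"
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        ok = install_if_verified(data, sha256_hex(data), "SKILL.md", d)
        bad = install_if_verified(data, "0" * 64, "HEARTBEAT.md", d)
        return {
            "good_written": ok is not None and ok.read_bytes() == data,
            "bad_refused": bad is None and not (d / "HEARTBEAT.md").exists(),
        }


if __name__ == "__main__":
    # Real usage (assumed URL and hash, neither appears in the scan report):
    #   body = download("https://creditclaw.com/SKILL.md")
    #   path = install_if_verified(body, "<sha256 from publisher>", "SKILL.md")
    print(self_check())
```

The hash pin does not prove the publisher is who they claim to be; it only guarantees that what lands in ~/.creditclaw is exactly what you reviewed. Identity is still the separate check on the developer and the TLS certificate that the guidance calls for.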
Credentials
concern
The skill requires a sensitive credential (CREDITCLAW_API_KEY) to operate, which is appropriate for a payments/spending integration. However, the registry metadata did not declare any required environment variables while SKILL.md and skill.json do. That mismatch is a red flag: the platform may not surface the credential requirement at install time, and users could expose an API key to an agent without ever being prompted.
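The mismatch described here is mechanical enough to check before install. The following added example (not code from ClawHub or the creditclaw.com skill) extracts the environment variables that SKILL.md and HEARTBEAT.md actually reference and compares them with what skill.json and the registry listing declare. The manifest key names ("env" and "requires.env") and the sample texts are constructed for illustration; the report does not show the real file contents.

```python
"""Cross-check credential declarations across a skill's metadata (added example).

Finds environment variables referenced by the instruction files and compares
them with those declared in skill.json and in the registry listing, so an
undeclared credential (the CREDITCLAW_API_KEY case in the report) is surfaced
before install. Manifest key names and sample texts are assumptions.
"""
import re

# $NAME, ${NAME} and os.environ["NAME"]-style references
ENV_REF = re.compile(
    r"\$\{?([A-Z][A-Z0-9_]*)\}?|environ\[['\"]([A-Z][A-Z0-9_]*)['\"]\]"
)


def referenced_env_vars(*texts: str) -> set[str]:
    """Every environment variable name referenced in the given instruction texts."""
    found: set[str] = set()
    for text in texts:
        for m in ENV_REF.finditer(text):
            found.add(m.group(1) or m.group(2))
    return found


def declared_env_vars(manifest: dict) -> set[str]:
    """Accept a top-level "env" list or a nested "requires": {"env": [...]} (assumed keys)."""
    names = set(manifest.get("env", []))
    names |= set(manifest.get("requires", {}).get("env", []))
    return names


def coherence_report(registry_listing: dict, skill_json: dict,
                     *instruction_texts: str) -> dict:
    """Three views of the same question: what does the runtime need that the
    surfaces a user actually sees (the registry listing) never mention?"""
    referenced = referenced_env_vars(*instruction_texts)
    in_skill = declared_env_vars(skill_json)
    in_registry = declared_env_vars(registry_listing)
    return {
        "referenced_not_in_registry": sorted(referenced - in_registry),
        "skill_json_not_in_registry": sorted(in_skill - in_registry),
        "referenced_undeclared_anywhere": sorted(referenced - in_skill - in_registry),
    }


# Constructed samples mirroring the mismatch the scan describes (not the real files).
SAMPLE_SKILL_MD = """# CreditClaw skill (constructed sample)
Install: curl -s https://creditclaw.com/SKILL.md -o ~/.creditclaw/SKILL.md
Register, then call the API with: Authorization: Bearer $CREDITCLAW_API_KEY
"""
SAMPLE_HEARTBEAT_MD = """# heartbeat (constructed sample)
Every ~30 minutes poll balance and permissions using ${CREDITCLAW_API_KEY}.
"""
SAMPLE_SKILL_JSON = {"name": "creditclaw", "requires": {"env": ["CREDITCLAW_API_KEY"]}}
SAMPLE_REGISTRY_LISTING = {
    "name": "JPMorgan Claw - Give your Claw Agent spending powers",
    "homepage": "https://creditclaw.com",
    # no env declaration at all, as in the scan report
}

if __name__ == "__main__":
    print(coherence_report(SAMPLE_REGISTRY_LISTING, SAMPLE_SKILL_JSON,
                           SAMPLE_SKILL_MD, SAMPLE_HEARTBEAT_MD))
```

A non-empty "referenced_not_in_registry" list is exactly the condition the scanner flagged: the agent will read a secret the install surface never told the user about. Running this over a skill's files is a cheap pre-install gate, and it also catches the reverse case where skill.json declares a variable the instructions never use.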
Persistence & Privilege
ok
The skill is not always-enabled and does not request elevated platform privileges. It does instruct the agent to poll the provider periodically (a heartbeat roughly every 30 minutes), which is normal for a wallet integration and is limited to actions within the skill's own domain.