Skill v1.0.0
ClawScan security
Buy any shopify product with your claw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 7:19 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions are internally consistent with its stated purpose (making purchases via CreditClaw) — it only asks for a single service API key and instructs the agent to call creditclaw.com endpoints — but it enables real-money spending, so you must trust the CreditClaw service before providing credentials.
- Guidance: This skill appears to do what it claims: it makes authenticated calls to creditclaw.com to place purchases using a CREDITCLAW_API_KEY. Before installing or providing your API key, verify the legitimacy of creditclaw.com (company, privacy/payout policies, support), and only use an API key with spending limits or test funds if possible. Keep approval_mode set to require human approval for purchases until you fully trust the setup. Avoid pasting the API key into untrusted prompts or domains, and be cautious about following the SKILL.md's optional curl commands, which will write remote content to your home directory.
Review Dimensions
- Purpose & Capability
  - ok: The skill claims to let an agent make purchases and only requires CREDITCLAW_API_KEY. All endpoints, examples, and files reference creditclaw.com and payment rails (prepaid wallet, self-hosted card, Stripe x402) that are consistent with the stated purpose. The metadata and SKILL.md identify the same API base and credential.
- Instruction Scope
  - note: The SKILL.md and companion files instruct the agent to perform network calls exclusively to creditclaw.com (POST/GET endpoints, polling, webhook guidance) and to confirm with the human before purchases. The instructions also suggest saving skill files locally by curling content from creditclaw.com into ~/.creditclaw/skills/creditcard; that is expected for an instruction-only skill but does involve writing externally fetched content to disk. The files do not instruct reading unrelated system files or other credentials.
- Install Mechanism
  - ok: There is no automated install spec or binary download. The only 'install' behavior is an optional manual curl-based fetch of documentation from creditclaw.com (the skill suggests saving SKILL.md and companion docs locally). This is lower risk than executing arbitrary downloaded binaries, but it still writes remote content to disk.
- Credentials
  - ok: The skill requires a single credential (CREDITCLAW_API_KEY) and declares it as primaryEnv. All example commands and endpoints use only that API key; no unrelated secrets or platform credentials are requested. The guidance includes explicit warnings not to send the API key to other domains.
- Persistence & Privilege
  - note: `always` is false and model invocation is allowed (the default). The skill suggests storing docs under ~/.creditclaw/skills, which would create persistent files if the agent follows those instructions. That file-writing behavior is expected for a local skill helper, but it is a persistent change to the agent environment and should be performed only if you trust the remote source.
