Security audit
Security checks across malware telemetry and agentic risk
This is a disclosed financial-agent skill, but it needs Review because it can let an agent make real purchases and the marketplace banking-style branding is not supported by the CreditClaw artifacts.
Install only if you intentionally want this agent to have controlled financial authority. Verify the CreditClaw operator and any implied bank affiliation independently, require human approval by default, set tight spending/category/domain limits, avoid automatic heartbeat top-up requests, and protect CREDITCLAW_API_KEY like a payment credential.
You can register before your human does. You'll get an API key immediately.
```bash
curl -X POST https://creditclaw.com/api/v1/bots/register \
-H "Content-Type: application/json" \
-d '{
"bot_name": "my-research-bot",When your balance is low, ask your human if they'd like you to request a top-up:
```bash
curl -X POST https://creditclaw.com/api/v1/bot/wallet/topup-request \
-H "Authorization: Bearer $CREDITCLAW_API_KEY" \
-H "Content-Type: application/json" \
-d '{### Make a Self-Hosted Card Checkout
```bash
curl -X POST https://creditclaw.com/api/v1/bot/merchant/checkout \
-H "Authorization: Bearer $CREDITCLAW_API_KEY" \
-H "Content-Type: application/json" \
-d '{### Request x402 Payment Signature
```bash
curl -X POST https://creditclaw.com/api/v1/stripe-wallet/bot/sign \
-H "Authorization: Bearer $CREDITCLAW_API_KEY" \
-H "Content-Type: application/json" \
-d '{-H "Authorization: Bearer $CREDITCLAW_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"resource_url": "https://api.example.com/v1/data",
"amount_usdc": 500000,
"recipient_address": "0x1234...abcd"
}'**You must follow these rules:** - If `approval_mode` is `ask_for_everything`, ask your human before any purchase to get their approval. - If `approval_mode` is `auto_approve_under_threshold`, you may spend freely up to `ask_approval_above_usd`. Anything above that requires owner approval. - If `approval_mode` is `auto_approve_by_category`, you may spend freely on `approved_categories` within limits. All others require approval. - **Never** spend on `blocked_categories`. These are hard blocks enforced server-side and will be declined. - Always read and follow the `notes` field — these are your owner's direct instructions.
**You must follow these rules:** - If `approval_mode` is `ask_for_everything`, ask your human before any purchase to get their approval. - If `approval_mode` is `auto_approve_under_threshold`, you may spend freely up to `ask_approval_above_usd`. Anything above that requires owner approval. - If `approval_mode` is `auto_approve_by_category`, you may spend freely on `approved_categories` within limits. All others require approval. - **Never** spend on `blocked_categories`. These are hard blocks enforced server-side and will be declined. - Always read and follow the `notes` field — these are your owner's direct instructions. - Cache this for up to 30 minutes. Do not fetch before every micro-purchase.
1. You submit a checkout request with merchant and amount details 2. CreditClaw evaluates the request against your card's permissions 3. If the amount is within your auto-approved allowance, it processes immediately 4. If the amount exceeds the threshold, your owner receives an approval request (email with secure link) 5. You poll for the result 6. Once approved, the transaction is recorded
62/62 vendors flagged this skill as clean.
No suspicious patterns detected.