Back to skill

Security audit

CitiBank Claw | Buy anyone online with CreditClaw

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed financial-agent skill, but it needs Review because it can let an agent make real purchases and the marketplace banking-style branding is not supported by the CreditClaw artifacts.

Install only if you intentionally want this agent to have controlled financial authority. Verify the CreditClaw operator and any implied bank affiliation independently, require human approval by default, set tight spending/category/domain limits, avoid automatic heartbeat top-up requests, and protect CREDITCLAW_API_KEY like a payment credential.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

External Transmission

Medium
Category
Data Exfiltration
Content
You can register before your human does. You'll get an API key immediately.

```bash
curl -X POST https://creditclaw.com/api/v1/bots/register \
  -H "Content-Type: application/json" \
  -d '{
    "bot_name": "my-research-bot",
Confidence
90% confidence
Finding
curl -X POST https://creditclaw.com/api/v1/bots/register \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
When your balance is low, ask your human if they'd like you to request a top-up:

```bash
curl -X POST https://creditclaw.com/api/v1/bot/wallet/topup-request \
  -H "Authorization: Bearer $CREDITCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
87% confidence
Finding
curl -X POST https://creditclaw.com/api/v1/bot/wallet/topup-request \ -H "Authorization: Bearer $CREDITCLAW_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "amount_usd": 25.00, "r

External Transmission

Medium
Category
Data Exfiltration
Content
### Make a Self-Hosted Card Checkout

```bash
curl -X POST https://creditclaw.com/api/v1/bot/merchant/checkout \
  -H "Authorization: Bearer $CREDITCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
93% confidence
Finding
curl -X POST https://creditclaw.com/api/v1/bot/merchant/checkout \ -H "Authorization: Bearer $CREDITCLAW_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
### Request x402 Payment Signature

```bash
curl -X POST https://creditclaw.com/api/v1/stripe-wallet/bot/sign \
  -H "Authorization: Bearer $CREDITCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
91% confidence
Finding
curl -X POST https://creditclaw.com/api/v1/stripe-wallet/bot/sign \ -H "Authorization: Bearer $CREDITCLAW_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer $CREDITCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "resource_url": "https://api.example.com/v1/data",
    "amount_usdc": 500000,
    "recipient_address": "0x1234...abcd"
  }'
Confidence
78% confidence
Finding
https://api.example.com/

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**You must follow these rules:**
- If `approval_mode` is `ask_for_everything`, ask your human before any purchase to get their approval.
- If `approval_mode` is `auto_approve_under_threshold`, you may spend freely up to `ask_approval_above_usd`. Anything above that requires owner approval.
- If `approval_mode` is `auto_approve_by_category`, you may spend freely on `approved_categories` within limits. All others require approval.
- **Never** spend on `blocked_categories`. These are hard blocks enforced server-side and will be declined.
- Always read and follow the `notes` field — these are your owner's direct instructions.
Confidence
89% confidence
Finding
auto_approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**You must follow these rules:**
- If `approval_mode` is `ask_for_everything`, ask your human before any purchase to get their approval.
- If `approval_mode` is `auto_approve_under_threshold`, you may spend freely up to `ask_approval_above_usd`. Anything above that requires owner approval.
- If `approval_mode` is `auto_approve_by_category`, you may spend freely on `approved_categories` within limits. All others require approval.
- **Never** spend on `blocked_categories`. These are hard blocks enforced server-side and will be declined.
- Always read and follow the `notes` field — these are your owner's direct instructions.
- Cache this for up to 30 minutes. Do not fetch before every micro-purchase.
Confidence
89% confidence
Finding
auto_approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
1. You submit a checkout request with merchant and amount details
2. CreditClaw evaluates the request against your card's permissions
3. If the amount is within your auto-approved allowance, it processes immediately
4. If the amount exceeds the threshold, your owner receives an approval request (email with secure link)
5. You poll for the result
6. Once approved, the transaction is recorded
Confidence
88% confidence
Finding
auto-approve

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.