Back to skill

Security audit

VenmoClaw - Give your Claw Agent a credit card - They can spend anywhere or request payment

Security checks across malware telemetry and agentic risk

Overview

This is a real-money shopping and payment skill with disclosed safeguards, but it needs Review because it can expose payment-card material and has under-scoped storage and consent guidance.

Install only if you intend to authorize an agent for real-money commerce. Keep per-purchase approval enabled at first, store CREDITCLAW_API_KEY and webhook secrets in a secrets manager, avoid the main-agent encrypted-card fallback, review any remotely fetched Stripe x402 companion file before use, and keep encrypted card files out of shared or synced folders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly supports collecting and transmitting buyer personal data such as recipient_email, buyer_email, and optionally buyer names, but it provides no privacy notice, data-minimization guidance, retention guidance, or warning about handling regulated personal data. In a payment workflow, this omission is meaningful because agents may operationalize collection and sharing of PII without informing users or restricting exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document describes a flow that can place real purchase orders and send shipping address data to external infrastructure, but it does not clearly warn the operator at the point of use that this triggers real-world spending and disclosure of personal data to CreditClaw, Crossmint, and merchants. In a shopping/payment skill, missing explicit consent and privacy warnings increases the risk of unintended purchases and inadvertent transmission of sensitive address information.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill instructs the agent to save a self-contained encrypted card artifact to local disk without explicit safeguards around filesystem permissions, secure enclave storage, encryption at rest, or operator consent. Even though the file is encrypted, it is durable payment material that can be copied, exfiltrated, backed up, or later decrypted if the associated workflow is compromised, so persisting it increases the attack surface.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manifest explicitly enables online purchasing and funded wallet usage, but it does not include any clear warning in the manifest metadata that the skill can spend money or initiate transactions. This is dangerous because users or hosting platforms may install or authorize the skill without understanding that it can perform real financial actions, increasing the risk of unintended purchases or abuse if the agent is misdirected or compromised.

External Transmission

Medium
Category
Data Exfiltration
Content
The sub-agent calls this endpoint to retrieve the one-time decryption key:

```bash
curl -X POST https://creditclaw.com/api/v1/bot/rail5/key \
  -H "Authorization: Bearer $CREDITCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "checkout_id": "r5chk_abc123" }'
Confidence
89% confidence
Finding
curl -X POST https://creditclaw.com/api/v1/bot/rail5/key \ -H "Authorization: Bearer $CREDITCLAW_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "checkout_id": "r5chk_abc123" }' ``` **Re

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.