Skill v1.0.0
ClawScan security
TicketClaw - Buy tickets to any event · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious, Mar 10, 2026, 8:42 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The package claims to be a 'TicketClaw' ticket-buying skill, but the provided files and runtime instructions are for a payment-shopping service (CreditClaw). The requested credential (CREDITCLAW_API_KEY) and API usage are consistent with a wallet/service, but the name/packaging mismatch and the instructions to download remote skill files from creditclaw.com are unexplained and merit caution.
- Guidance: The files implement a CreditClaw shopping/wallet API but the skill is labeled 'TicketClaw' in the registry — that's the main red flag. Before installing:
  1. Verify the publisher and homepage (does the seller actually operate creditclaw.com or 'TicketClaw'?).
  2. Confirm you intended to grant CREDITCLAW_API_KEY to this skill, and create a dedicated, limited-funds key/account if possible.
  3. Do not run the curl install commands blindly; review downloaded files before saving or executing them.
  4. Prefer manual, read-only use first (call the documented endpoints from a separate client) to validate behavior.
  5. Consider disabling autonomous invocation, or restricting the agent's ability to act without explicit owner approval, while you verify.
  6. If you can't reconcile the name/metadata mismatch with the vendor, do not install.
Review Dimensions
- Purpose & Capability (concern): The skill as advertised in the request metadata (TicketClaw — Buy tickets) does not match the actual SKILL.md and other files, which implement 'creditclaw-creditcard' shopping/wallet functionality. The homepage and API base point to creditclaw.com, not a ticket-specific service; this repackaging/rename is an unexplained inconsistency and could indicate sloppy metadata or intentional relabeling.
- Instruction Scope (note): The SKILL.md gives explicit runtime instructions to call creditclaw.com endpoints (expected for a payment agent) and includes optional curl commands to download and save multiple remote files into ~/.creditclaw/skills. Calling the documented endpoints requires the CREDITCLAW_API_KEY (declared). The curl-based 'install' suggestions write remote content to disk — benign as documentation but risky if run blindly, because remote content can change. The instructions also explicitly warn not to send the API key to other domains (good).
- Install Mechanism (note): There is no formal install spec and no code files; this is instruction-only (lower code-execution risk). However, the SKILL.md suggests downloading multiple files from https://creditclaw.com into the user's home directory via curl. The download URLs are on the service's official domain (not a shortener or IP), which reduces but does not eliminate risk, because fetched content could be updated later.
- Credentials (ok): The skill requests a single credential (CREDITCLAW_API_KEY) and declares it as the primary credential — this is proportionate for a payment/wallet integration. No unrelated secrets or system config paths are requested.
- Persistence & Privilege (note): The skill does not request always:true and allows normal autonomous invocation. The SKILL.md recommends saving files under ~/.creditclaw/skills, which is limited to the user's home but does grant on-disk persistence of remote content; combined with autonomous invocation and a payment API key, this increases the potential impact if the remote content or endpoints change maliciously.
