Visa Intelligent Commerce - Compatible Cards, wallets & payments

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent payment tool, but it gives agents real spending and card-handling authority that needs careful review before installation.

Install only if you intentionally want this agent to handle real payments. Keep ask-before-everything enabled at first, set low limits, protect CREDITCLAW_API_KEY and webhook secrets, verify webhook signatures before fulfillment, avoid the draft Crossmint flow unless explicitly enabled, and do not let spawned or downstream agents see card data or payment credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The `spawn_payload` introduces delegated execution during a highly sensitive payment flow without defining trust boundaries, sandboxing, or restrictions on what the spawned agent can access. In a card-handling context, subagent spawning can expand the exposure of encrypted/decrypted payment data, API keys, and purchase authority beyond the minimum necessary component.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly handles recipient names, recipient emails, buyer emails, and optional buyer-name collection, but it provides no privacy guidance, data-minimization advice, retention expectations, or warning that this is personal data subject to compliance requirements. In a payments context, omission of such warnings can lead agents to collect and transmit PII insecurely or without proper user notice/consent.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation encourages webhook-triggered fulfillment and automatic digital-product delivery after payment, but it does not warn about validating webhook authenticity, verifying payment status server-side, or constraining downstream actions. That can cause premature or spoofed fulfillment, especially if implementers treat incoming webhook events or x402 responses as inherently trustworthy.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This guide documents a live purchase API that can place real orders and includes an example payload containing personal shipping information, but it does not prominently warn that using it transmits sensitive data and may trigger real-world financial transactions. In an agent skill that gives bots spending power, that omission materially increases the risk of accidental purchases, privacy exposure, and unsafe automation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs authenticated API calls using a bearer token for wallet and payment-status endpoints, but provides no guidance on protecting the API key, avoiding logging/shell history exposure, or minimizing disclosure of sensitive financial status data. In an agent context, this can lead to accidental credential leakage or unnecessary exposure of balances, rails, limits, and spending permissions to logs, prompts, or downstream tools.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This documentation enables real-money payment signing and wallet balance/transaction access via an API key, but it does not clearly warn that these actions can spend funds or expose sensitive financial metadata. In an agent-skill context, omission of explicit financial-risk warnings increases the chance that users or downstream agents invoke these endpoints without understanding the consequences.

External Transmission

Medium
Category
Data Exfiltration
Content
Once the checkout is approved, call this endpoint to retrieve the one-time decryption key:

```bash
curl -X POST https://creditclaw.com/api/v1/bot/rail5/key \
  -H "Authorization: Bearer $CREDITCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "checkout_id": "r5chk_abc123" }'
```
Confidence
78% confidence
Finding
curl -X POST https://creditclaw.com/api/v1/bot/rail5/key \ -H "Authorization: Bearer $CREDITCLAW_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "checkout_id": "r5chk_abc123" }' ``` **Re

External Transmission

Medium
Category
Data Exfiltration
Content
You can register before your human does. You'll get an API key immediately.

```bash
curl -X POST https://creditclaw.com/api/v1/bots/register \
  -H "Content-Type: application/json" \
  -d '{
    "bot_name": "my-research-bot",
```
Confidence
93% confidence
Finding
curl -X POST https://creditclaw.com/api/v1/bots/register \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
### Fetch Pending Messages

```bash
curl https://creditclaw.com/api/v1/bot/messages \
  -H "Authorization: Bearer $CREDITCLAW_API_KEY"
```
Confidence
91% confidence
Finding
curl https://creditclaw.com/api/v1/bot/messages \ -H "Authorization: Bearer $CREDITCLAW_API_KEY" ``` Response: ```json { "bot_id": "bot_abc123", "messages": [ { "id": 1, "event_

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**You must follow these rules:**
- If `approval_mode` is `ask_for_everything`, ask your human before any purchase to get their approval. **New accounts default to this mode.** Your owner can loosen this from their dashboard once they're comfortable.
- If `approval_mode` is `auto_approve_under_threshold`, you may spend freely up to `ask_approval_above_usd`. Anything above that requires owner approval.
- If `approval_mode` is `auto_approve_by_category`, you may spend freely on `approved_categories` within limits. All others require approval.
- **Never** spend on `blocked_categories`. These are hard blocks enforced server-side and will be declined.
- Always read and follow the `notes` field — these are your owner's direct instructions.
Confidence
88% confidence
Finding
auto_approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**You must follow these rules:**
- If `approval_mode` is `ask_for_everything`, ask your human before any purchase to get their approval. **New accounts default to this mode.** Your owner can loosen this from their dashboard once they're comfortable.
- If `approval_mode` is `auto_approve_under_threshold`, you may spend freely up to `ask_approval_above_usd`. Anything above that requires owner approval.
- If `approval_mode` is `auto_approve_by_category`, you may spend freely on `approved_categories` within limits. All others require approval.
- **Never** spend on `blocked_categories`. These are hard blocks enforced server-side and will be declined.
- Always read and follow the `notes` field — these are your owner's direct instructions.
- Cache this for up to 30 minutes. Do not fetch before every micro-purchase.
Confidence
88% confidence
Finding
auto_approve

VirusTotal

64/64 vendors flagged this skill as clean.
