Skill v2.3.4

ClawScan security

VISA Virtual Cards | Manage compatible cards, wallets & payments · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 6:11 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini

Summary
The skill's requirements and runtime instructions are internally consistent with a payment/virtual-card management integration; it asks only for a CreditClaw API key and instructs the agent to call CreditClaw endpoints and handle ephemeral card data as described.

Guidance
This skill appears to be what it says: a CreditClaw payment/virtual-card integration that needs only CREDITCLAW_API_KEY. Before installing or enabling it for an autonomous agent, consider the following:
- Treat CREDITCLAW_API_KEY like a sensitive secret and do not expose it anywhere else; follow the skill's warning. Rotate the key if you suspect leakage.
- The agent will retrieve one-time decryption keys and decrypt card details in memory. Ensure your agent runtime can hold secrets securely and will not log or persist decrypted card data (PCI considerations).
- By default the service uses approval_mode: ask_for_everything, but owners can change settings. If you plan to allow autonomous spending, require strict per-transaction and daily limits, domain allowlists, and require approval above small thresholds.
- Test in sandbox / staging first (the docs reference sandbox/test flows) and monitor webhook logs, transaction history, and owner notifications. Restrict agent network access if you want to limit where it can send sensitive data.
- If you need higher assurance, ask the skill publisher for an independent security / PCI attestation and confirm the real production domain and published API docs match these files.

Review Dimensions

Purpose & Capability (ok)
Name/description (virtual cards, wallets, payments) match the declared API base, endpoints, and required env var (CREDITCLAW_API_KEY). The documented endpoints (checkout, encrypted-card flow, stripe x402, top-ups, webhooks) are coherent with a payments/virtual-card management skill.
Instruction Scope (note)
Runtime docs instruct the agent to perform sensitive operations (retrieve one-time AES-256-GCM decryption keys, decrypt card details in memory, complete checkouts, confirm results, poll status endpoints). That scope is expected for a checkout/virtual-card skill but requires the agent to handle raw card data in-memory and follow strict non-persistence rules (the docs explicitly warn not to store logs). Also the SKILL.md encourages fetching companion docs from creditclaw.com — harmless but implies network fetches of remote docs at runtime.
Install Mechanism (ok)
Instruction-only skill with no install spec and no binaries to install — lowest-risk install mechanism. All calls are to creditclaw.com; no third-party download URLs or extract steps are present.
Credentials (ok)
Only CREDITCLAW_API_KEY is required and declared as the primary credential. That single API key is proportionate to the stated purpose. The docs explicitly warn never to send the API key to other domains.
Persistence & Privilege (note)
always:false (normal). disable-model-invocation:false means the skill may be invoked autonomously (the platform default). Because this skill can spend real funds, autonomous invocation increases blast radius if owner-side guardrails are loosened — however the default account mode is documented as approval_mode: ask_for_everything and server-side guardrails are described. Users should be aware of the financial implications of enabling autonomous agents with this skill.