Clawpay

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

Clawpay's payment workflow is easy to follow, but it needs review: it can create crypto payment requests with an unsafe all-zero default recipient, and its account boundaries are unclear.

Before installing, verify the service and either replace the all-zero default recipient (default_pay_to in skill.json) with your intended wallet or require an explicit pay_to on every request. Do not let the agent create or share payment links without human confirmation of amount, currency, recipient, and request ID, and avoid heartbeat automation unless the agent has a clearly scoped list of request IDs it may act on.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

A payer could complete a real crypto payment to the all-zero default recipient. On EVM chains nothing controls that address, so funds sent there are not misdirected to a third party but simply unrecoverable.

Why it was flagged

SKILL.md says a default receiving address in skill.json can be used so the sender does not need to provide one each time; the included default is the all-zero address, which is unsafe for a payment destination.

Skill content
"default_pay_to": "0x0000000000000000000000000000000000000000"
Recommendation

Do not rely on the included default. Require an explicit, nonzero pay_to address and human confirmation of amount, currency, recipient, and payment link before creating or sharing payment requests.
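One way to enforce that recommendation before a request is ever created, as an added example that is not part of the skill or of ClawScan's report: the check rejects the shipped all-zero default and any malformed recipient, validates amount, currency and request ID, and only then produces the confirmation prompt the human must approve. The request field names, the currency allowlist and the prompt wording are assumptions; EIP-55 checksum verification is deliberately left out because it needs keccak-256, which the standard library does not provide.

```python
import re
from decimal import Decimal, InvalidOperation

# The unsafe default shipped in skill.json ("default_pay_to").
ZERO_ADDRESS = "0x" + "0" * 40
EVM_ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Assumption: the operator keeps an allowlist of currencies they will accept.
ALLOWED_CURRENCIES = {"USDC", "ETH"}


def is_safe_recipient(addr):
    """True only for a well-formed, nonzero EVM-style address.

    This does not verify an EIP-55 mixed-case checksum: that needs keccak-256,
    and hashlib.sha3_256 is a different (NIST-padded) hash.
    """
    if not isinstance(addr, str) or not EVM_ADDRESS_RE.match(addr):
        return False
    return addr.lower() != ZERO_ADDRESS


def check_payment_request(req, default_pay_to=ZERO_ADDRESS):
    """Return a list of problems with a payment request; an empty list means it
    may be shown to the human for confirmation. `req` is a dict with the field
    names assumed here: pay_to, amount, currency, request_id."""
    problems = []

    # Require an explicit recipient; never silently fall back to the default.
    if "pay_to" not in req:
        problems.append("pay_to omitted; an explicit recipient is required")
    pay_to = req.get("pay_to", default_pay_to)
    if not is_safe_recipient(pay_to):
        problems.append(f"recipient {pay_to!r} is not a valid nonzero address")

    # Amount must parse as a finite, positive decimal (no floats, no NaN/Infinity).
    try:
        amount = Decimal(str(req.get("amount", "")))
        if not amount.is_finite() or amount <= 0:
            problems.append("amount must be a finite positive number")
    except InvalidOperation:
        problems.append("amount is not a decimal number")

    if req.get("currency") not in ALLOWED_CURRENCIES:
        problems.append(f"currency {req.get('currency')!r} is not allowlisted")
    if not req.get("request_id"):
        problems.append("request_id missing")
    return problems


def confirmation_prompt(req):
    """Text the agent must show the human before creating or sharing a payment
    link. Raises ValueError (nothing is created) if validation failed."""
    problems = check_payment_request(req)
    if problems:
        raise ValueError("; ".join(problems))
    return (f"Create payment request {req['request_id']}: "
            f"{req['amount']} {req['currency']} to {req['pay_to']}? [y/N]")
```

Run the validator on the request dict before any call to the Clawpay API; a request that omits pay_to is rejected even when the operator has replaced the default with a real wallet, which is the stricter of the two options in the overview.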

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse
What this means

The agent may not have a clear boundary for which payment requests it can see or act on, increasing the chance of mixing up requests or acting on data outside the intended account context.

Why it was flagged

The heartbeat workflow lists pending payment requests without showing an Authorization header, account filter, or pay_to scope; the registry metadata also declares no required credentials, leaving request visibility and account boundaries unclear.

Skill content
curl "https://clawpay.ai/v1/requests?status=pending"
Recommendation

Use only request IDs you explicitly created or verified, and prefer a version of the API/workflow that authenticates and scopes requests to the correct user, wallet, or account.

What this means

Any delivered result may be shared with or stored by the payment service, so sensitive work product could leave the local agent environment.

Why it was flagged

The delivery step sends an arbitrary result payload to Clawpay's external API for agent-to-agent or human-to-agent exchange.

Skill content
curl -X POST https://clawpay.ai/v1/requests/<request_id>/deliver \
  -H "Content-Type: application/json" \
  -d '{"payload":"<payload>"}'
Recommendation

Only deliver payloads you are comfortable sending to Clawpay, and avoid including secrets, private documents, or unnecessary personal information.

Note (High Confidence)
ASI10: Rogue Agents
What this means

If enabled, the agent may periodically contact the payment service and take delivery actions after the initial task.

Why it was flagged

The skill explicitly supports recurring heartbeat activity to poll payment status and optionally deliver results.

Skill content
Run this on your heartbeat to check paid requests and deliver results.
Recommendation

Enable heartbeat use only when you want ongoing payment monitoring, and keep a clear list of request IDs that the agent is allowed to track.
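The three recommendations above (scope the heartbeat to request IDs you created, keep secrets out of delivered payloads, and keep an explicit allowlist of tracked requests) fit in one heartbeat routine. The following is an added example, not code from the skill or from ClawScan: the agent keeps its own record of every request it created, ignores anything the listing returns that is not in that record or whose recipient, amount or currency differ, and refuses to deliver a payload that looks like it contains a credential. The Authorization header, the listing field names (id, status, pay_to, amount, currency) and the sample data are assumptions; the network call is injected so the logic runs offline.

```python
import json
import re
import urllib.request

API_BASE = "https://clawpay.ai/v1"   # base URL of the skill's curl commands

# Secret-like shapes that must never leave the agent environment in a deliver payload.
SECRET_PATTERNS = [
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                                  # AWS access key id
    re.compile(r"\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*\S+", re.I),   # key=value style
]


def build_request(path, api_key, body=None):
    """Build an API request. Assumption: Clawpay accepts a bearer token; the skill's
    own curl commands send no Authorization header at all."""
    req = urllib.request.Request(API_BASE + path, method="POST" if body is not None else "GET")
    req.add_header("Accept", "application/json")
    req.add_header("Authorization", f"Bearer {api_key}")
    if body is not None:
        req.add_header("Content-Type", "application/json")
        req.data = json.dumps(body).encode()
    return req


def select_actionable(listed, tracked):
    """Filter the server's listing down to requests this agent may act on.

    `tracked` is the local allowlist: request_id -> the pay_to/amount/currency the
    agent recorded when it created the request. Anything the server returns that is
    not in it, or whose fields differ from the record, is dropped."""
    actionable, rejected = [], []
    for item in listed:
        rid = item.get("id")
        expected = tracked.get(rid)
        if expected is None:
            rejected.append((rid, "not in allowlist"))
            continue
        if item.get("status") != "paid":
            continue                       # still pending: nothing to deliver yet
        mismatched = [k for k in ("pay_to", "amount", "currency")
                      if str(item.get(k)) != str(expected[k])]
        if mismatched:
            rejected.append((rid, "mismatch: " + ",".join(mismatched)))
            continue
        actionable.append(rid)
    return actionable, rejected


def payload_is_safe(payload):
    """False if the payload matches any obvious credential pattern."""
    return not any(p.search(payload) for p in SECRET_PATTERNS)


def heartbeat(fetch_json, tracked, results, api_key):
    """One heartbeat tick. fetch_json(Request) -> parsed JSON is injected so the
    logic can run offline. Returns (delivered_ids, rejected)."""
    listing = fetch_json(build_request("/requests?status=paid", api_key))
    actionable, rejected = select_actionable(listing, tracked)
    delivered = []
    for rid in actionable:
        payload = results.get(rid)
        if payload is None:
            rejected.append((rid, "no result ready"))
            continue
        if not payload_is_safe(payload):
            rejected.append((rid, "payload contains secret-like content"))
            continue
        fetch_json(build_request(f"/requests/{rid}/deliver", api_key, {"payload": payload}))
        delivered.append(rid)
    return delivered, rejected


# Constructed sample data for an offline run (not a real Clawpay response).
WALLET = "0x" + "ab" * 20
SAMPLE_TRACKED = {
    "req_1": {"pay_to": WALLET, "amount": "5.00", "currency": "USDC"},
    "req_3": {"pay_to": WALLET, "amount": "5.00", "currency": "USDC"},
    "req_4": {"pay_to": WALLET, "amount": "2.00", "currency": "USDC"},
}
SAMPLE_LISTING = [
    {"id": "req_1", "status": "paid", "pay_to": WALLET, "amount": "5.00", "currency": "USDC"},
    {"id": "req_9", "status": "paid", "pay_to": WALLET, "amount": "5.00", "currency": "USDC"},
    {"id": "req_3", "status": "paid", "pay_to": WALLET, "amount": "500.00", "currency": "USDC"},
    {"id": "req_4", "status": "paid", "pay_to": WALLET, "amount": "2.00", "currency": "USDC"},
]
SAMPLE_RESULTS = {"req_1": "report: 3 findings, see attached summary",
                  "req_4": "here are the creds: api_key=sk-live-abc123"}


def demo():
    """Run one tick against the constructed data without touching the network."""
    def fake_fetch(req):
        return SAMPLE_LISTING if req.get_method() == "GET" else {"ok": True}
    return heartbeat(fake_fetch, SAMPLE_TRACKED, SAMPLE_RESULTS, api_key="test-key")
```

In the sample tick only req_1 is delivered: req_9 was never created by this agent, req_3 comes back with a different amount than was recorded, and req_4's result contains an API key. The pattern list is a coarse last line of defence; the real control is not putting secrets into results in the first place.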

What this means

A future manual install could pull changed instructions from the website rather than exactly the files reviewed here.

Why it was flagged

The documented local install fetches live skill files from remote URLs without a pinned version or integrity check. This is user-directed and not automatically executed, but the installed instructions could differ from the reviewed artifact.

Skill content
curl -s https://clawpay.ai/skill.md > ~/.openclaw/skills/clawpay/SKILL.md
Recommendation

Install from a trusted, pinned release when possible, and review downloaded files before enabling the skill.
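A pinned install that replaces the bare `curl ... > SKILL.md` step, as an added example rather than anything the skill or ClawScan provides: each file is downloaded into a staging directory, its SHA-256 is compared against the digest of the copy you reviewed, and only when every file matches is anything copied into the skill directory. The pin values and the URL list are the operator's inputs; the skill directory path is the one from the documented install. The `demo` function exercises the verify-and-install step on constructed content so the check can be run offline.

```python
import hashlib
import hmac
import os
import shutil
import tempfile
import urllib.request

SKILL_DIR = os.path.expanduser("~/.openclaw/skills/clawpay")   # path from the documented install


def sha256_of(path):
    """Streamed SHA-256 of a file as a lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def stage(url, staging_dir):
    """Download into a staging directory, never straight into the skill directory."""
    dest = os.path.join(staging_dir, os.path.basename(url))
    with urllib.request.urlopen(url, timeout=30) as resp, open(dest, "wb") as out:
        shutil.copyfileobj(resp, out)
    return dest


def install_pinned(staged_path, expected_sha256, install_path):
    """Copy a staged file into place only if its digest equals the pinned one.
    Raises ValueError, and installs nothing, on mismatch."""
    actual = sha256_of(staged_path)
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ValueError(f"{os.path.basename(staged_path)}: expected {expected_sha256}, got {actual}")
    os.makedirs(os.path.dirname(install_path), exist_ok=True)
    shutil.copyfile(staged_path, install_path)
    return actual


def install_skill(pins, skill_dir=SKILL_DIR):
    """pins: {url: sha256 of the copy you reviewed}. Every file is staged and
    verified before any file is installed, so a mixed-version install cannot occur."""
    with tempfile.TemporaryDirectory() as staging:
        staged = {url: stage(url, staging) for url in pins}
        mismatches = [url for url, path in staged.items()
                      if not hmac.compare_digest(sha256_of(path), pins[url].lower())]
        if mismatches:
            raise ValueError("digest mismatch, nothing installed: " + ", ".join(mismatches))
        for url, path in staged.items():
            install_pinned(path, pins[url], os.path.join(skill_dir, os.path.basename(url)))


def demo():
    """Offline self-check on constructed content: a correct pin installs, a wrong
    pin installs nothing. Returns (digest_matches, installed, rejected, tampered_installed)."""
    content = b"# constructed stand-in for SKILL.md\n"
    good = hashlib.sha256(content).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        staged = os.path.join(tmp, "SKILL.md")
        with open(staged, "wb") as f:
            f.write(content)
        target = os.path.join(tmp, "ok", "SKILL.md")
        digest = install_pinned(staged, good, target)
        bad_target = os.path.join(tmp, "bad", "SKILL.md")
        try:
            install_pinned(staged, "00" * 32, bad_target)
            rejected = False
        except ValueError:
            rejected = True
        return digest == good, os.path.exists(target), rejected, os.path.exists(bad_target)
```

Record the digests when you review a release (for example `sha256sum SKILL.md` on the reviewed copy) and pass them as `pins`; if the site later serves different instructions, the install fails closed instead of silently replacing the reviewed files.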