Payment Gateway Optimizer
PassAudited by ClawScan on May 13, 2026.
Overview
The visible skill is an advisory payment-gateway comparison template with no executable code or install step, but users may share confidential business metrics and should not provide real API keys unless necessary.
This appears safe as an instruction-only advisory skill. Before using it, decide how much payment-volume and gateway information you are comfortable sharing, avoid providing production API keys or secrets, and independently verify current gateway fees and regional payment-method data before making business changes.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sharing detailed payment volume, revenue mix, and gateway information could expose confidential business data if copied into an untrusted or shared environment.
These inputs are commercially sensitive payment and business details that would be placed into the agent's working context to produce the comparison.
Collect the core metrics that drive gateway selection: - Monthly transaction volume (count and GMV) - Average order value and value distribution - Target markets ... - Current gateway and pain points - Technical stack
Provide only the minimum data needed, anonymize exact figures when possible, and review any generated report before sharing it.
If real gateway keys are later pasted into the agent or a generated document, they could grant access to payment infrastructure.
The roadmap anticipates payment-gateway API keys during implementation; API keys are privileged credentials, although the artifacts do not instruct the agent to collect, store, or use them.
| Phase 1: Setup | Weeks 1-2 | [Sandbox, API keys, testing] | [All test transactions pass] |
Use sandbox or restricted keys for planning and testing, avoid pasting production secrets into chat, and rotate any key that is accidentally shared.