Skill v1.0.14

ClawScan security

asndurl · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 27, 2026, 1:58 PM)
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (a CLI wrapper to enable agent payments) but grants an agent the ability to make autonomous payments and relies on an external npm-distributed binary you should verify before use.
Guidance
This skill is coherent for enabling CLI-driven agent payments, but it grants the agent the ability to create keys and make payments. Before installing:
1) Verify the npm package @ampersend_ai/ampersend-sdk@0.0.14 is from a trusted publisher and inspect its code/release on the registry.
2) Run ampersend --version after install and confirm behavior in an isolated/test environment first.
3) Use the --inspect option and strict per-transaction/daily limits; prefer manual approval for real funds.
4) Do not give the agent access to any browser or account where you would approve payments for it; follow the SKILL.md warning.
5) Confirm where agent keys/tokens are stored and ensure they are isolated from your primary wallets/accounts.
If you are uncertain about the npm package or key storage, treat this as higher risk and avoid enabling autonomous payments until you can audit the CLI.

Review Dimensions

Purpose & Capability: ok
The name/description (Ampersend CLI for agent payments) aligns with the declared requirement (the ampersend binary) and the SKILL.md commands (setup, fetch, config). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope: note
The instructions are narrowly focused on installing and using the ampersend CLI (setup, fetch, config). They do instruct the agent to create keys, request approvals, and show the user_approve_url to the user. The doc cautions against signing into an Ampersend dashboard in a browser the agent can access, but the skill does enable autonomous payments. The SKILL.md does not specify where generated keys/tokens are stored or how long tokens are valid, which is relevant to risk.
Install Mechanism: note
No install spec is bundled with the skill (instruction-only), which is low risk. The SKILL.md recommends installing a scoped npm package (@ampersend_ai/ampersend-sdk@0.0.14) globally. That is a typical distribution channel, but you should verify the npm package publisher, version, and integrity before running a global install.
Credentials: ok
The skill declares no required environment variables or external credentials, which matches the instructions (setup generates agent keys). However, because the setup flow generates keys/tokens and can enable autonomous spending, confirm where those keys are stored and that they are isolated from other accounts.
Persistence & Privilege: note
always:false (no forced permanent inclusion). The skill is invocable by the agent (normal), which combined with payment capabilities increases risk: an autonomous agent could initiate payments within configured limits without manual approval. The SKILL.md includes an inspect flag and approval flow, but these rely on user controls and limits.