MerchantGuard
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: merchantguard
Version: 2.0.0
The OpenClaw skill 'merchantguard' is designed for security scanning and compliance. The `guard.py` script confirms that the `guard scan` functionality runs entirely locally, processing files with regex patterns for hardcoded secrets, sensitive access, prompt injection, network exfiltration, and PCI violations, without uploading any code or findings to remote servers, aligning with the claims in `SKILL.md`. All network communications are explicitly directed to `https://merchantguard.ai/api` for its stated purposes (e.g., mystery shopper, compliance coach, alerts), using standard HTTP requests. There is no evidence of malicious intent, unauthorized data exfiltration, backdoors, or prompt injection attempts against the AI agent itself within the provided files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may treat the scan or certification as stronger assurance than the provided implementation supports.
The included local scanner evidence in guard.py shows a limited hard-coded regex pattern set, not artifact-backed evidence of 102 local checks. For a payment/sensitive-data compliance skill, overstated scan breadth can lead users to over-rely on its results.
GuardScan — Scan your code or skills directory for 102 security patterns ... Runs locally, nothing uploaded.
Treat results as advisory, verify critical payment and sensitive-data systems with independent security/compliance review, and ask the publisher to align claims with documented implemented checks.
If run on a broad directory, it may read and print findings about sensitive local files.
The scanner recursively reads user-selected directories, including potentially sensitive config files such as .env. This is purpose-aligned for a security scanner and the code says results stay local, but the path scope can be broad.
for filepath in scan_path.rglob("*") ... scan_extensions = {".py", ".js", ... ".env", ".sh", ".toml"}
Run scans only on intended project directories and avoid scanning unrelated private folders unless necessary.
Agent endpoint details and business/compliance inputs may be shared with MerchantGuard when those commands are used.
Mystery Shopper sends agent identifiers and optional endpoint URLs to the MerchantGuard API, and other commands similarly send questions, merchant metrics, wallet addresses, or certification inputs. This is disclosed and purpose-aligned, but it crosses a provider boundary.
if endpoint:
    payload["endpoint_url"] = endpoint
return api_call("POST", "/v2/mystery-shopper", payload, timeout=60)
Do not submit confidential endpoints, merchant data, wallet identifiers, or compliance questions unless you trust MerchantGuard’s handling of that data.
Anyone with access to that environment variable could use the configured MerchantGuard account privileges.
The skill uses an optional MerchantGuard API key as a bearer token for provider API calls. This is expected for the service, but it is sensitive account authority.
API_KEY = os.environ.get("MERCHANTGUARD_API_KEY", "") ... HEADERS["Authorization"] = f"Bearer {API_KEY}"
Store the API key securely, use the least-privileged/free-tier key where possible, and revoke or rotate it if exposed.
A user following manual install instructions depends on the remote site and package repository serving the expected files.
The manual install path downloads code from a remote site and installs a dependency without hashes or lockfile pinning. This is user-directed setup, not automatic execution, but provenance and integrity are not strongly bounded.
curl -LO https://merchantguard.ai/skills/guard/guard.py ... pip install requests
Prefer the registry-reviewed package when available, verify the source repository, and use pinned hashes or a lockfile for reproducible installs.
