v1.0.0

AANA Purchase Booking Guardrail Skill

BenignClawScan verdict for this skill. Analyzed May 2, 2026, 10:53 PM.

Analysis

This is an instruction-only purchase and booking safety guardrail that requires explicit approval and redaction before financial commitments.

GuidanceThis skill appears safe to install as a guardrail. It does not run code or access accounts itself, but because it is meant for purchase and booking workflows, keep any actual checkout, booking, payment, or account-management tools under explicit user approval.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

Use this skill when an OpenClaw-style agent may purchase, book, reserve, subscribe, renew, upgrade, downgrade, cancel, refund, bid, donate, transfer funds, or take any irreversible or financially binding action.

The skill applies to high-impact financial actions, but the surrounding instructions are guardrails requiring verification, reversibility checks, and explicit user approval before final submission.

User impactIf used with purchase-capable tools, the agent should pause and confirm exact cost, terms, and authorization before spending money or creating a commitment.

RecommendationKeep purchase-capable tools separately permissioned and require explicit user confirmation for final checkout, booking, subscription, donation, or transfer actions.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

Check payment privacy: do not expose full payment numbers, bank details, credentials, or unnecessary account data.

Purchase and booking workflows can involve payment methods, account details, and identity data; the artifact acknowledges this sensitive context and instructs redaction and minimization.

User impactThe agent may reference saved payment methods or account information during confirmation, but the skill tells it not to reveal full sensitive details.

RecommendationUse saved payment methods only when intended, avoid sharing full card or bank details, and confirm that the final action uses the correct authorized account or payment method.