fintech-specialist
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: ah-fintech-specialist Version: 1.0.0 The skill bundle provides a comprehensive persona and high-quality implementation examples for a fintech specialist. The code in references/examples.md follows industry security best practices, including AES-256-GCM encryption, Zod input validation, audit logging, and reentrancy guards in the Solidity example. No indicators of data exfiltration, malicious execution, or prompt injection were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If adapted carelessly, the example code could interact with real payment systems or financial records.
The reference material demonstrates payment API integration and payment-processing logic. This is aligned with a fintech specialist skill, but these patterns are high-impact if a user copies and runs them with live credentials.
const stripe = new Stripe(config.stripe.secretKey, ...); ... async processPayment(request: any)
Use examples only with test credentials and explicit human review before any production payment, transfer, or account mutation.
If the redacted value is a real secret, anyone with the skill package could misuse or leak access to an associated service or account.
The static scan reports this as a hardcoded API secret or token. A reference-only fintech skill should not include real credential material, and the metadata declares no required credentials.
clientSecret: [REDACTED],
Inspect references/examples.md before installing or sharing, remove any real secrets, rotate/revoke exposed credentials, and replace literals with environment-variable placeholders.