Spritz Fiat Rails
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is largely coherent for Spritz payments, but it handles irreversible money movement and the supplied scan reports a hidden prompt-injection-style signal in SKILL.md.
Review the hidden prompt-injection signal before installing. If you use this skill, verify it against official Spritz documentation, store the API key securely, set wallet/API limits where possible, and require direct user confirmation for every bank-account change and payment.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the hidden instruction were trusted by an agent, it could undermine the visible safety rules around payment confirmation.
A hidden or removed SKILL.md section with a prompt-override pattern is materially concerning in a skill that can guide irreversible financial transfers. The exact text is unavailable, so this is a Review concern rather than a malicious finding.
Pre-scan injection signals: `ignore-previous-instructions`; `hiddenCommentBlocksRemoved`: 1
Inspect or republish the skill without hidden comments or prompt-override language before using it for payments.
A mistaken or unauthorized execution could send crypto and initiate an irreversible off-ramp payment.
The skill documents a chained financial workflow: create a Spritz payment, receive a deposit address, then use a wallet to transfer crypto. This is expected for the stated purpose but high-impact if misused.
Create payment `/v1/payments` ... `The agent must then send the specified crypto amount to that address using its own wallet.`
Require explicit user confirmation of amount, destination, network, token, and bank account before creating payments or sending crypto; use wallet spending limits where possible.
Anyone or any agent path with access to the key could manage bank destinations and initiate payment flows in the Spritz account.
The required API key has broad payment and bank-account authority. This is purpose-aligned and disclosed, but it is sensitive financial access.
`SPRITZ_API_KEY` can:
- Create payments to any saved bank account
- Add and remove bank accounts
- View payment history and bank account details
Store the key securely, rotate it if exposed, avoid sharing it with other skills, and use the narrowest Spritz permissions or account controls available.
Users have less registry-level assurance that the instructions correspond to an official or maintained Spritz integration.
The skill is instruction-only, so there is no executable package to inspect, but the registry provenance and credential declarations are incomplete for a financial API integration.
Source: unknown; Homepage: none; Required env vars: none; Primary credential: none
Verify the endpoints and setup steps against official Spritz documentation, and update metadata to declare the SPRITZ_API_KEY requirement.
