Spraay Payments
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Spraay looks like a real payments integration, but it gives the agent high-impact crypto-payment and external-service abilities without documented confirmation or spending limits.
Install only if you are comfortable giving your agent payment-related powers. Use a limited wallet, require manual confirmation for every payment, swap, approval, scheduled job, and outbound message, and avoid sending sensitive documents, KYC, tax, or payroll data unless you trust Spraay and its downstream providers.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or manipulated prompt could lead the agent to initiate an irreversible crypto payment, swap, approval, or notification before the user has reviewed the final details.
The example workflow makes sending a crypto batch payment an agent action step, but the artifacts do not add a required pre-send review for recipients, amounts, token, or chain.
> Agent steps: ... Send batch payment via `/api/batch-payment` ... Send confirmation emails via `/api/email/send`
Require explicit user confirmation immediately before any payment, swap, approval, transfer, invoice mutation, or message send; show the exact recipients, amounts, chain, token, fees, and destination first.

If connected to a funded wallet, the agent may be able to spend funds for gateway calls and potentially initiate financial transactions using that delegated authority.
The skill expects delegated wallet/payment authority, but the artifacts do not define wallet scope, spending limits, approval policy, or which wallet should be used.
> No API key needed. Payments are made per-request via x402 ... Your agent's wallet handles this automatically if you have a Coinbase CDP wallet or any x402-compatible facilitator.
Use a dedicated low-balance wallet, avoid broad token allowances, require manual signing for high-value actions, and configure spending limits before enabling this skill.

The agent could create ongoing jobs, webhooks, templates, or future payments that continue affecting accounts after the original conversation.
The documented API includes persistent or future-running actions, including scheduled jobs and scheduled payments, without describing containment, expiry, cancellation, or confirmation safeguards.
> `/api/cron/create` | POST | Create scheduled job ... `/api/schedule/payment` | POST | Schedule future payment
Only allow scheduled jobs, webhooks, templates, and scheduled payments after explicit approval; require the agent to show how to list and delete them.

Sensitive business, financial, personal, or document content could leave the local environment and be processed or stored by third-party services.
The skill discloses that user prompts, documents, messages, payment details, KYC, tax, or audit data may be sent through the Spraay gateway and downstream providers.
> **AI inference** — Pay-per-query AI chat via OpenRouter ... **Email/XMTP messaging** ... **IPFS storage** — Pin files to IPFS via Pinata ... **Compliance** — Audit trails, tax reports, KYC verification
Do not send private KYC, tax, payroll, reports, prompts, or webhook payloads unless you trust the gateway and downstream providers; review privacy and retention terms first.
