Payment
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This payment plugin is mostly coherent and disclosed, but its irreversible machine-payment approval appears to omit key purchase details like amount and intent.
Install only if you want OpenClaw agents to help make purchases. Verify the official Stripe Link CLI, keep spending limits low, read every approval prompt, and be especially cautious with machine payments unless the prompt clearly shows the amount, currency, endpoint, and purchase purpose.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
61/61 vendors flagged this plugin as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be asked to approve an irreversible machine payment without the approval text clearly stating the exact cost or purchase purpose.
The visible critical approval for execute_machine_payment checks and describes the provider, target URL, method, and funding source, but not the amount/currency or purchase intent, even though the action is described as irreversible.
function describeExecuteApproval(params) {
  return `Execute machine payment via ${params.providerId} to ${params.targetUrl} (${params.method}). Funding source: ${params.fundingSourceId}. **This is irreversible** once settled.`;
}
... requires providerId, targetUrl, method, fundingSourceId
Before relying on machine payments, require the approval prompt and validation to include amount, currency, merchant/endpoint identity, and purchase intent; keep per-payment caps and avoid approving unclear payment prompts.
If enabled, the agent can initiate real payment flows, subject to the documented approval and biometric steps.
The plugin intentionally uses the user's payment account and funding sources to initiate purchases; this is purpose-aligned but grants meaningful financial authority.
`issue_virtual_card` ... Mints a single-use card with a per-card `maxAmountCents` cap ... `execute_machine_payment` ... Calls a remote HTTP 402 endpoint with an MPP authorization.
Enable only when you want agent-assisted purchases, review every payment approval carefully, use test mode where possible, and keep spending caps low.
A wrong or compromised `link-cli` on PATH would sit in the payment flow.
The payment runtime depends on a separately installed global CLI found via PATH. The documentation names the official source, but users must ensure the correct binary is installed.
`npm install -g @stripe/link-cli` ... `link-cli` must be resolvable on `PATH` — the plugin invokes it as a subprocess via `execFile("link-cli", […])`
Install Stripe's official Link CLI from the documented source, verify its version, and avoid running the plugin in an environment with an untrusted PATH.
Future provider fields such as contact or profile values could become fillable into merchant pages if the agent uses those sentinel names.
Provider-sourced payment/profile strings can be reused through sentinel fill beyond a fixed list of card fields. This is disclosed, but it broadens the sensitive data surface.
Tier 3 — forward-compat extras: any string-typed top-level field on the provider response that isn't structurally captured by Tier 1/2. Adapters auto-pass-through these...
Review the merchant URL and fields before approving fill substitution, and prefer an explicit allowlist for any provider fields beyond card and billing data.
