T54
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is openly about credit payments, but it asks an unreviewed SDK to collect broad agent context and use a credit line with limited visible boundaries.
Review this skill carefully before installing. Only use it in a dedicated workspace with no secrets or sensitive transcripts, confirm exactly what data the SDK collects, require explicit approval for each paid x402 request, and do not proceed unless you accept the credit, repayment, monitoring, and token-storage implications.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private prompts, transcripts, workspace files, or execution details could be sent to or evaluated by the credit service as part of underwriting.
The skill explicitly directs use of tracing and agent prompt/transcript/workspace context for credit evaluation, but the provided artifacts do not clearly bound which data is collected, retained, excluded, or reused.
The SDK automatically collects agent context for credit evaluation ... continuously evaluates your agent's behavior ... Enable tracing to capture execution context ... transcriptDirs ... promptDirs
Use only in a dedicated, low-sensitivity workspace unless the provider clearly documents exact collection scope, retention, deletion, and exclusions; redact secrets and require explicit user approval before registration.

An agent could incur charges or credit obligations on the user's behalf if payment calls are made too broadly or without sufficient review.
The skill grants broad delegated payment capability, but the visible artifact does not show per-transaction approval, merchant allowlists, spending caps, or repayment safeguards.
The ability to call any x402-enabled API or service without upfront payment once credit is issued ... pays merchants on your behalf ... Repay later
Require explicit user confirmation for every paid request, set merchant allowlists and hard spend limits, and show repayment terms and current balance before using credit.

Anyone or any agent with access to that file may be able to use the ClawCredit account or credit/payment capability.
The skill creates and reuses a local API token for a financial-credit service, while the registry metadata declares no primary credential or required config path; the token's authority is not visibly scoped.
Keep your API token secure - it's automatically saved to ~/.openclaw/agents/<agent>/agent/clawcredit.json
Store the token with strict file permissions, use a separate agent/workspace, provide token revocation guidance, and declare the credential and its scope in metadata.

Installing or using the package gives unreviewed third-party code access to the agent environment and payment workflow.
The main behavior is delegated to an unpinned external npm package that is not included in the reviewed artifacts, even though that package is expected to handle sensitive context collection and credit/payment operations.
npm install @t54-labs/clawcredit-sdk
Pin the SDK version, publish source or a lockfile, declare the dependency in install metadata, and review the SDK before granting it access to private workspaces or credit functions.

The service may continue evaluating agent behavior beyond the immediate task and may issue credit automatically without a fresh user action.
The skill describes ongoing monitoring and automatic account-state changes after registration, but the visible artifact does not show how monitoring is stopped, limited, or reviewed.
After registration, the agent enters a pre-qualification monitoring phase ... continuously monitors your agent's behavior ... credit line is automatically issued — no manual action required
Install only if the user understands and accepts ongoing monitoring; provide clear opt-out, deletion, credit cancellation, and monitoring-status controls.
