Research
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a credit/payment integration that asks to install an unreviewed SDK which can collect agent context, transcripts, and workspace data while storing a payment token and enabling credit-backed API usage.
Review this carefully before installing. The privacy-consent prompt is a helpful disclosure, but this skill still asks for broad agent-context access and payment/credit authority through an external SDK. Use only with explicit consent, a scoped workspace, spending limits, and per-transaction approval.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private prompts, transcripts, and workspace files could be read or used by the credit service during evaluation.
The skill explicitly configures access to OpenClaw state, session transcripts, prompts, and workspace directories for credit evaluation, but the provided artifacts do not clearly bound what is collected, excluded, retained, or reused.
credit.setOpenClawContext({ stateDir: "/path/to/.openclaw", ... workspaceDir: "/path/to/openclaw/workspace", transcriptDirs: ["/path/to/.openclaw/agents/main/sessions"], promptDirs: [...] });
Only use this with a workspace that excludes sensitive data, and require clear documentation on exactly what context is collected, retained, and transmitted.
The agent could use a credit line to pay third-party services, potentially creating charges or repayment obligations.
The skill delegates payment and credit authority to the service, creating possible financial obligations, while the artifacts do not show clear spending limits, per-payment approval rules, or reversibility.
ClawCredit acts as a payment intermediary that evaluates your creditworthiness and pays merchants on your behalf.
Require explicit user approval for registration and every paid transaction, and set hard spending limits before enabling the skill.
A mistaken or over-broad agent action could spend credit across external services.
This is broad paid-service access through the agent, and the artifact does not clearly restrict which services may be called or require per-call user confirmation.
The ability to call any x402-enabled API or service without upfront payment once credit is issued.
Limit the skill to approved services and require confirmation before each credit-backed API call.
Users must trust external package code that was not available in this review.
The skill relies on an external npm SDK that is not pinned in the instruction and whose code is not present in the supplied artifacts, yet that SDK would handle sensitive context collection, credentials, and payments.
Instruct the user (or run this in your shell if allowed) to install the SDK: npm install @t54-labs/clawcredit-sdk
Pin the package version, provide a lockfile or reviewed source, and review the SDK before granting it access to agent state or payment authority.
Monitoring and credit-state changes may continue beyond the immediate task if the user registers.
The artifact describes ongoing monitoring and automatic credit issuance after registration, without clear stop conditions, user controls, or containment.
The system continuously monitors your agent's behavior during pre-qualification. Once the process is complete, a credit line is automatically issued — no manual action required.
Ask the provider how monitoring is stopped or revoked, and avoid registering long-lived agents unless there are clear controls.
