Back to skill
Skillv1.0.2
ClawScan security
payrail402 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 25, 2026, 1:14 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, runtime instructions, and requested environment variables are consistent with a transaction-tracking integration and do not request unrelated credentials or system access.
- Guidance
- This skill appears coherent and limited to reporting agent transactions to the PayRail402 API. Before installing: 1) Verify you trust the service endpoint (the code defaults to a railway.app host while README refers to payrail402.com); confirm the TLS certificate and operator. 2) Use the least-privilege credentials: prefer a per-agent webhook token for single agents, and create scoped API keys for multi-agent setups. 3) Avoid sending sensitive payment data (full card numbers, unmasked PII) in the description or metadata — only send the minimal transaction fields required. 4) Rotate keys/tokens regularly and limit webhook token reuse across agents. 5) If you need stronger assurance, contact the operator or verify the npm SDK / homepage references exist (the README references an npm package and docs) and audit the remote API behavior on a test account before giving production tokens.
Review Dimensions
- Purpose & Capability
- okThe name/description (agent spend tracking across payment rails) aligns with the declared env vars (webhook token, API key, agent ID) and the tools provided (track, register, status). Requested credentials map to the described auth flows (webhook token for single-agent ingest; API key + agent ID for multi-agent/status).
- Instruction Scope
- okSKILL.md and openclaw-skill.js instruct only HTTP requests to the service endpoint and tool calls for tracking/registration/status. The instructions do not ask the agent to read files, execute shell commands, or access other unrelated environment variables or system state. The code only constructs JSON HTTP requests and returns responses.
- Install Mechanism
- okThere is no install spec (instruction-only skill with a single JS file). Nothing in the package pulls arbitrary executables or downloads code at install time. The skill relies on runtime HTTP calls only.
- Credentials
- okThe three required env vars are proportionate: a per-agent webhook token (primary credential) or an API key + agent ID for multi-agent setups. The agentId is documented as a non-secret identifier. No unrelated secrets or broad cloud credentials are requested.
- Persistence & Privilege
- okThe skill is not marked always:true and does not modify other skills or system-wide settings. It asks for no persistent system-level privileges beyond normal skill configuration.