Claw Credit by t54
Security checks across malware telemetry and agentic risk
Overview
The skill's instructions are coherent, but they direct the agent to install an external npm SDK that can spend credit on the user's behalf and collect sensitive local data (system prompts, agent instructions, traces, session transcripts and workspace content) with no stated limit on what is gathered or where it is sent.
Before installing: confirm the exact SDK version and source and pin it; understand the credit and repayment terms; require user approval for every paid call; enforce strict spending limits and a merchant allowlist outside the SDK; and do not allow transcript or prompt-directory collection until you have reviewed the configured directories and redacted the data that would be shared.
VirusTotal
66/66 vendors reported the scanned skill package as clean. That verdict covers only the artifacts reviewed here (instructions and metadata); the npm SDK that implements the payment and collection behavior is not among them, so a clean result says nothing about the SDK's code.
Risk analysis
This is an artifact-based, informational review of SKILL.md, the metadata, the install specs, static scan signals and capability signals. ClawScan does not execute the skill or run runtime probes, so whatever the SDK does at runtime is outside what this review can see.
An agent could incur credit-backed charges for third-party services, creating a repayment obligation for the user.
The skill delegates payment and credit-spending authority to the SDK and the agent, but nothing in the artifacts shows per-transaction user approval, merchant restrictions, spending caps or repayment controls.
Quoted from the skill artifacts: "The ability to call any x402-enabled API or service without upfront payment ... Repay later ... You can now call credit.pay() directly"
Use only with explicit spending limits, a merchant allowlist, clear repayment terms and user confirmation before each paid call. Because the SDK's code is not in the artifacts, any limit it claims to enforce cannot be verified; put these controls in a layer the user controls, in front of credit.pay(), rather than trusting the SDK to apply them.
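A policy gate of the kind this recommendation calls for, as an added example that is not code from the Claw Credit skill or the t54 SDK. The SDK's real pay function is unknown, so it is assumed here to take {merchant, amountCents, purpose} and return a receipt, and is injected as sdkPay; the merchant name, caps, stand-in SDK and request sequence are all constructed for illustration.

```javascript
// Added example: a user-controlled policy gate in front of the skill's pay call.
// Not code from the Claw Credit skill or the t54 SDK. The SDK's pay signature is an
// assumption ({merchant, amountCents, purpose} -> receipt), so it is injected as sdkPay.

const POLICY = {
  // Only these hosts may be paid; anything else is refused before the SDK is touched.
  allowedMerchants: new Set(["api.allowed-merchant.test"]),
  perCallCapCents: 500,   // hard ceiling on a single call
  dailyCapCents: 2000,    // running total the guard tracks across calls
};

class PaymentGuard {
  constructor(policy, sdkPay, approve) {
    this.policy = policy;
    this.sdkPay = sdkPay;     // assumed SDK pay function, see lead-in
    this.approve = approve;   // user confirmation callback, invoked once per paid call
    this.spentCents = 0;
    this.ledger = [];         // append-only record of every decision, paid or denied
  }

  pay(req) {
    const deny = (reason) => {
      this.ledger.push({ ...req, decision: "denied", reason });
      return { ok: false, reason };
    };
    // Integer cents only: no floats, no negative or zero "payments".
    if (!Number.isInteger(req.amountCents) || req.amountCents <= 0) return deny("invalid amount");
    if (!this.policy.allowedMerchants.has(req.merchant)) return deny("merchant not allowlisted");
    if (req.amountCents > this.policy.perCallCapCents) return deny("exceeds per-call cap");
    if (this.spentCents + req.amountCents > this.policy.dailyCapCents) return deny("exceeds daily cap");
    // Approval is requested for every call and never cached, so the agent cannot
    // pre-authorize a batch of payments with one confirmation.
    if (this.approve(req) !== true) return deny("user declined");
    const receipt = this.sdkPay(req);
    this.spentCents += req.amountCents;
    this.ledger.push({ ...req, decision: "paid", receipt });
    return { ok: true, receipt };
  }
}

// Constructed stand-in for the SDK so the example runs offline.
let receiptSeq = 0;
function fakeSdkPay(req) {
  receiptSeq += 1;
  return { id: `rcpt-${receiptSeq}`, merchant: req.merchant, amountCents: req.amountCents };
}

// Run a constructed sequence of requests through the guard and return the decisions.
function demo(approve = () => true) {
  const guard = new PaymentGuard(POLICY, fakeSdkPay, approve);
  const requests = [
    { merchant: "api.allowed-merchant.test", amountCents: 300, purpose: "geocode lookup" },
    { merchant: "unknown-merchant.test",     amountCents: 100, purpose: "not on allowlist" },
    { merchant: "api.allowed-merchant.test", amountCents: 600, purpose: "over per-call cap" },
    { merchant: "api.allowed-merchant.test", amountCents: 500, purpose: "ok, total 800" },
    { merchant: "api.allowed-merchant.test", amountCents: 500, purpose: "ok, total 1300" },
    { merchant: "api.allowed-merchant.test", amountCents: 500, purpose: "ok, total 1800" },
    { merchant: "api.allowed-merchant.test", amountCents: 500, purpose: "would reach 2300" },
  ];
  return { decisions: requests.map((r) => guard.pay(r)), spentCents: guard.spentCents };
}
```

The point of the design is that the approval callback runs after the policy checks and once per call, so a prompt-injected "approve everything" instruction to the agent still cannot bypass the allowlist or caps, and the ledger records denials as well as payments for later reconciliation against the credit statement.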
Private prompts, agent instructions, session history, workspace content or environment details could be exposed during registration or credit evaluation.
The skill instructs the SDK to gather system prompts, traces, environment details, session transcripts and prompt directories, but it defines no exclusions, no redaction, no retention period and no exact description of what is sent to the credit service.
Quoted from the skill artifacts: "Enable tracing to capture reasoning and execution context ... The SDK auto-collects prompt and environment details from the trace ... transcriptDirs: ["/path/to/.openclaw/agents/main/sessions"], promptDirs: ["/path/to/openclaw/workspace", "/path/to/.openclaw/agents/main/agent"]"
Review and restrict the configured directories, confirm exactly what the SDK uploads, redact secrets, and require clear retention and deletion terms before registering. Session transcripts typically contain whatever the agent read or was told, including file contents, tool output and any credentials pasted into a conversation, so treat the configured directories as a secret store until a review shows otherwise.
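Two of the checks above, the directory review and the secret redaction, as an added example that is not code from the skill or the t54 SDK. The SDK's upload format is unknown, so this works on plain text files held in memory; the secret patterns are a practitioner's starting set, not a complete list, and the sample transcript, paths, key and token values are constructed (the AWS key is Amazon's documented example key, not a live credential).

```javascript
// Added example: review the configured transcriptDirs/promptDirs and redact secrets
// before anything is uploaded. Not code from the skill or the t54 SDK.

// Minimal POSIX path normalization (resolves "." and "..") without a dependency.
function normalizePosix(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop(); else out.push(seg);
  }
  return "/" + out.join("/");
}

// Every configured directory must sit inside a root the user has approved.
// Returns the directories that escape the approved roots (".." tricks included).
function disallowedDirs(configuredDirs, approvedRoots) {
  const roots = approvedRoots.map(normalizePosix);
  return configuredDirs.filter((d) => {
    const n = normalizePosix(d);
    return !roots.some((r) => n === r || n.startsWith(r + "/"));
  });
}

// Secret shapes that must not leave the machine unredacted (starting set, constructed).
const SECRET_PATTERNS = [
  { name: "aws_access_key", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: "private_key_block", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g },
  { name: "bearer_token", re: /\bBearer\s+[A-Za-z0-9\-_.=]+/g },
  { name: "github_token", re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  // key=value style: keep the key name, redact only the value
  { name: "assignment", re: /\b(api[_-]?key|secret|token|password)(\s*[:=]\s*)["']?([^\s"']+)/gi },
];

function redactSecrets(text) {
  const findings = [];
  let redacted = text;
  for (const { name, re } of SECRET_PATTERNS) {
    redacted = redacted.replace(re, (...m) => {
      findings.push(name);
      return name === "assignment" ? `${m[1]}${m[2]}[REDACTED:${name}]` : `[REDACTED:${name}]`;
    });
  }
  return { redacted, findings };
}

// files: map of path -> contents, standing in for the configured directories on disk.
function scanFiles(files) {
  const report = {};
  for (const [path, text] of Object.entries(files)) {
    report[path] = redactSecrets(text);
  }
  return report;
}

// Constructed sample transcript and workspace note; not real data.
const SAMPLE_FILES = {
  "/home/alice/.openclaw/agents/main/sessions/2024-01-01.jsonl":
    '{"role":"tool","content":"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"}\n' +
    '{"role":"user","content":"curl -H \'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc\' https://api.test"}\n',
  "/home/alice/openclaw/workspace/notes.md":
    "db password = hunter2\nnothing else here\n",
};
```

Run disallowedDirs over the skill's configured directories with only the roots you have actually inspected as approved; anything it returns should be removed from the configuration, not merely noted. The redaction pass is a floor, not a guarantee: anything the patterns miss still uploads, which is why the retention and deletion terms in the recommendation matter.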
The most sensitive behavior lives in code that was not available for this review and can change over time if the package is installed without pinning.
The reviewed package contains only instructions and relies on an external, unpinned npm SDK for the core behavior. That SDK is not included in the artifacts, yet it is expected to handle payment authority, saved tokens, local traces, and prompt and context collection.
Quoted from the skill artifacts: "npm install @t54-labs/clawcredit-sdk"
Pin and review the SDK version, verify its publisher and source, and do not grant payment or local-context access until the installed package has been audited. As written, the install command carries no version, so it resolves whatever the package's latest tag points at on the day it runs; pin an exact version in package.json, commit the lockfile with its integrity hash, and install with npm ci so that a later publish cannot silently replace the audited code.
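A pre-install check for the pinning requirement, as an added example that is not code from the skill or the t54 SDK. It reads package.json and the lockfileVersion 2/3 "packages" map of package-lock.json; the manifests below are constructed, and the version "1.2.3" and the integrity hash in them are placeholders rather than the real package's values.

```javascript
// Added example: verify the SDK dependency is exactly pinned and integrity-locked
// before `npm ci`. Not code from the skill or the t54 SDK; manifests are constructed.

const PKG = "@t54-labs/clawcredit-sdk";
const REGISTRY = "https://registry.npmjs.org/";

// Exact semver only: no ^ or ~ ranges, no dist-tags, no URL or git specs.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Returns a list of problems; an empty list means the dependency is pinned and locked.
function checkPin(packageJson, lockJson, name = PKG) {
  const problems = [];
  const spec = (packageJson.dependencies || {})[name];
  if (spec === undefined) return [`${name} is not declared in dependencies`];
  if (!EXACT_VERSION.test(spec)) problems.push(`version spec "${spec}" is not an exact version`);

  const entry = (lockJson.packages || {})[`node_modules/${name}`];
  if (!entry) {
    return problems.concat(`${name} has no entry in package-lock.json; run npm install once and commit the lockfile`);
  }
  if (EXACT_VERSION.test(spec) && entry.version !== spec) {
    problems.push(`lockfile resolved ${entry.version} but package.json pins ${spec}`);
  }
  // The tarball must come from the expected registry, not a mirror or URL spec.
  if (!entry.resolved || !entry.resolved.startsWith(REGISTRY)) {
    problems.push(`tarball resolved from ${entry.resolved} instead of ${REGISTRY}`);
  }
  // Without a sha512 integrity hash, npm ci cannot detect a swapped tarball.
  if (!entry.integrity || !entry.integrity.startsWith("sha512-")) {
    problems.push("lock entry lacks a sha512 integrity hash");
  }
  return problems;
}

// Constructed manifests. "1.2.3" and the hash are placeholders, not the real package's values.
const TARBALL = `${REGISTRY}${PKG}/-/clawcredit-sdk-1.2.3.tgz`;

const WEAK_PACKAGE_JSON = { dependencies: { [PKG]: "^1.2.3" } };
const WEAK_LOCK = {
  lockfileVersion: 3,
  packages: { [`node_modules/${PKG}`]: { version: "1.2.3", resolved: TARBALL } },
};

const PINNED_PACKAGE_JSON = { dependencies: { [PKG]: "1.2.3" } };
const PINNED_LOCK = {
  lockfileVersion: 3,
  packages: {
    [`node_modules/${PKG}`]: {
      version: "1.2.3",
      resolved: TARBALL,
      integrity: "sha512-" + "A".repeat(86) + "==",
    },
  },
};
```

This check is static and only proves the project will install the bytes it was audited with. Pair it with `npm view @t54-labs/clawcredit-sdk@<version> dist.integrity` to compare the registry's hash against the lockfile, and `npm pack @t54-labs/clawcredit-sdk@<version>` to fetch the tarball for the actual code review before any payment or directory access is granted.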
