Claw Credit by t54
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill’s credit-payment purpose is coherent, but it asks for broad payment authority, persistent financial credentials, and collection of local prompts/transcripts through an unreviewed SDK with unclear limits.
Review this carefully before installing. Use it only if you trust the ClawCredit SDK and are comfortable sharing audited agent logic, traces, prompts, and selected OpenClaw context for underwriting. Set explicit payment limits and require approval before any credit spend.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could use credit to pay external services and leave the user responsible for repayment if limits and confirmations are not enforced elsewhere.
This describes broad financial/payment authority that can incur debt or repayment obligations. The visible artifacts do not define spending caps, per-transaction user approval, merchant allowlists, or rollback guidance.
ClawCredit acts as a payment intermediary ... pays merchants on your behalf ... The ability to call any x402-enabled API or service without upfront payment ... Deferred payment ... Repay later
Require explicit user approval for each payment, set hard spending limits, restrict allowed merchants/services, and document repayment and dispute controls before use.
Private conversations, system prompts, workspace files, or agent execution details could be collected for credit underwriting beyond what the user expects.
The skill asks to collect traces, prompts, environment details, and transcript/session directories. These can contain system prompts, private user data, tool outputs, and sensitive agent history, but the artifacts do not specify minimization, exclusions, retention, or reuse boundaries.
Enable tracing to capture reasoning and execution context ... transcriptDirs: ["/path/to/.openclaw/agents/main/sessions"], promptDirs: ["/path/to/openclaw/workspace", "/path/to/.openclaw/agents/main/agent"] ... The SDK auto-collects prompt and environment details from the trace.
Only provide narrowly scoped audit materials, exclude sensitive sessions and secrets, and require clear documentation of what is collected, where it is sent, how long it is retained, and how it is reused.
A saved token could authorize credit/payment actions if accessed by the agent or other local processes.
The skill persists and reloads a provider API token for a credit/payment service. This is expected for the integration, but it is high-impact and the registry metadata declares no primary credential or required config path.
Keep your API token secure - it's automatically saved to `~/.openclaw/credentials/clawcredit.json` ... const creds = JSON.parse(fs.readFileSync(credPath, 'utf-8')) ... apiToken: creds.api_token
Treat the token as a financial credential: store it with restrictive file permissions, document token scope and revocation, and declare the credential/config path in metadata.
The most sensitive behavior is delegated to package code that was not included in the reviewed artifacts and is not version-pinned here.
The skill directs installation of an unpinned external npm package. The provided registry context lists unknown source/homepage and no code files, while the SDK is expected to handle payments, stored tokens, traces, prompts, and local OpenClaw context.
npm install @t54-labs/clawcredit-sdk
Pin the SDK version, provide source/provenance and a lockfile or install spec, and review the SDK before granting it access to credentials, prompts, transcripts, or payment authority.
