v1.0.0

Claw Credit by t54

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:19 AM.

Analysis

This skill is a disclosed credit-payment integration, but it gives an agent ongoing payment authority and asks for sensitive code, prompt, transcript, and trace data, so it deserves careful review before installation.

Guidance

Review this skill like a financial integration, not a simple helper. Before installing, confirm the SDK's provenance, understand the credit and repayment terms, require explicit approval for each paid call, set spending limits, and use an isolated workspace with only the code, prompts, and transcripts you are willing to submit for audit.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
Evidence (SKILL.md): "The ability to call any x402-enabled API or service without upfront payment"

The skill grants broad credit-funded service access. The artifacts do not show explicit user confirmation, spend limits, merchant scoping, or other guardrails before paid x402 calls.

User impact: An agent could incur paid API usage or debt through the user's ClawCredit line if payment calls are made too broadly or without review.
Recommendation: Only use this with explicit per-payment approval, clear spending limits, merchant allowlists, and a way to inspect repayment and dispute terms before enabling agent-driven payments.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Note
Evidence (SKILL.md): "npm install @t54-labs/clawcredit-sdk"

The skill depends on an external npm SDK with no version pin in the visible instructions. Installing an SDK is expected for this integration, but provenance matters because the SDK handles payment authority and sensitive audit data.

User impact: A compromised, changed, or impersonated package could access the same sensitive traces, code, prompts, and payment token that the integration needs.
Recommendation: Verify the package publisher and source, pin a reviewed version, inspect package permissions and install scripts, and avoid running it in a workspace containing unrelated secrets.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
Evidence (SKILL.md): "Keep your API token secure - it's automatically saved to `~/.openclaw/credentials/clawcredit.json`"

The skill creates a persistent local credential for a credit/payment service and later instructs loading it to continue using the credit account.

User impact: Anyone or any agent with access to that credential file could potentially use the associated credit line until the token is revoked or constrained.
Recommendation: Protect the credential file, use the least-privileged token available, rotate or revoke tokens when not needed, and require user confirmation before using saved payment credentials.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High | Confidence: High | Status: Concern
Evidence (SKILL.md): "Enable tracing to capture reasoning and execution context"

The skill also instructs setting transcript and prompt directories and says the SDK auto-collects prompt and environment details, which can include sensitive system prompts, user conversations, code, and local context.

User impact: Private prompts, session transcripts, core code, reasoning traces, and environment details may be exposed to the credit provider during registration or underwriting.
Recommendation: Use a minimal isolated workspace, redact secrets and private conversations, restrict transcript and prompt directories, and understand the provider's retention and reuse policy before submitting audit materials.