ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ASG Card

v0.2.0

Virtual MasterCards for AI agents — crypto payments, USDC wallet, create and manage virtual payment cards autonomously via x402 protocol on Stellar blockchain.

1· 155·1 current·1 all-time
byASG Compute@asgcompute
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Functionality (create/fund/manage cards via x402 on Stellar) matches the code and files present; a payment skill legitimately needs a Stellar wallet secret. However the SKILL metadata declares ASG_CARD_WALLET_SECRET as required while the README/SKILL.md repeatedly says the MCP server/readme uses a local wallet file (~/.asgcard/wallet.json) and 'no env vars needed' for clients — that mismatch is unexplained and surprising.
!
Instruction Scope
Runtime instructions ask you to run npx @asgcard/cli onboard which creates a local wallet and configures MCP tools (expected). But the SKILL.md also contains a frontmatter requiring an env var ASG_CARD_WALLET_SECRET. Additionally, a prompt-injection pattern (unicode-control-chars) was detected in SKILL.md — this could indicate attempts to manipulate prompt parsing during evaluation. The skill grants an agent autonomous authority to initiate on-chain payments and issue real MasterCard numbers, which is within purpose but high-impact and needs explicit user consent and clear secret handling.
Install Mechanism
There is no install spec (instruction-only in registry metadata), which is low-risk, but the package includes a large source tree and executable scripts (CLI, mcp-server, e2e and preflight scripts). Those scripts will perform network calls (API, Horizon) and can run locally via the repo — review them before running. The absence of an explicit install mechanism is not itself malicious but means the user/agent may run arbitrary included scripts via npx or by executing repo files.
!
Credentials
The skill declares a single primary credential ASG_CARD_WALLET_SECRET (a Stellar private key) — that is logically required for signing payments but is a highly sensitive secret. The SKILL.md and README claim the wallet 'never leaves your machine' and that 'no env vars needed' for MCP clients; yet the registry metadata forces ASG_CARD_WALLET_SECRET as required. The code and tests reference additional env vars (WEBHOOK_SECRET, STELLAR_TREASURY_ADDRESS, API_BASE, etc.) that are not declared as required. The combination of unclear secret ingestion paths and a privileged primary credential is concerning.
Persistence & Privilege
The skill is not always: true and does not demand elevated platform privileges. Autonomous invocation is enabled by default (normal for skills) and means an agent could spend funds when invoked. This is expected for a payment skill but increases blast radius: if the agent is allowed to act autonomously and holds a funded wallet, it can make real on-chain payments and create real cards.
Scan Findings in Context
[unicode-control-chars] unexpected: A prompt-injection pattern was detected in SKILL.md. The rest of SKILL.md looks normal, but control characters in instruction text can be used to manipulate prompt parsing or evaluation. Recommend inspecting the file bytes and removing/understanding any hidden characters before trusting automated ingestion.
What to consider before installing
Key points to consider before installing or providing secrets: - This skill enables an agent to perform real payments and issue virtual MasterCards. If you supply a funded Stellar private key (ASG_CARD_WALLET_SECRET) the agent can spend real USDC. Only provide a key you explicitly trust the skill with. - There is an inconsistency: the SKILL/README claim the MCP server uses a local wallet file (~/.asgcard/wallet.json) and 'no env vars needed', yet the registry metadata marks ASG_CARD_WALLET_SECRET as required/primary. That should be clarified—don't assume where your secret will be read from or stored. - The code bundle includes many runnable scripts (CLI, mcp-server, e2e, preflight). Review those scripts locally before executing. They perform network calls to api.asgcard.dev and Stellar Horizon endpoints. - A prompt-injection pattern (unicode control characters) was detected in SKILL.md. Inspect SKILL.md raw bytes; do not blindly feed it to an agent or evaluation pipeline without sanitization. Practical mitigations: - Use a dedicated, low-funded Stellar wallet for experiments. Do not use high-value keys or production treasury keys. - Prefer the local wallet file workflow (created by onboarding) over exporting a private key into global environment variables. If the skill truly needs ASG_CARD_WALLET_SECRET, prefer injecting it only into a tightly-scoped runtime environment and remove it afterwards. - Audit the onboarding CLI and mcp-server code (cli/src/wallet-client.ts, mcp-server/src/wallet-client.ts, and api/src/middleware/walletAuth.ts) to confirm where and how secrets are read, stored, and transmitted. - If you expect the skill to act autonomously, set strict spending limits at the issuer/facilitator level and monitor transactions closely. Consider adding an approval step in the agent flow (require human approval before spending beyond trivial amounts). - If you cannot audit the code or vendor, do not provide production keys; instead test with sandbox accounts. If you want, I can: (a) point to the exact files that read env vars and wallet files so you can inspect them, or (b) list the code paths that would sign or transmit transactions so you can review them in detail.
api/__tests__/webhook-and-verify.test.ts:8
Environment variable access combined with network send.
api/src/services/fourPaymentsClient.ts:307
Environment variable access combined with network send.
cli/src/index.ts:60
Environment variable access combined with network send.
!
cli/src/index.ts:27
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk976fdyhxhj6y552j1g5pphcs982ysk5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSmacOS · Linux · Windows
EnvASG_CARD_WALLET_SECRET
Primary envASG_CARD_WALLET_SECRET

SKILL.md

Agent Card — Payment Skill

Give your AI agent a virtual MasterCard. Agent Card lets agents autonomously create, fund, and manage virtual MasterCard cards by paying in USDC on the Stellar blockchain.

What It Does

  • Create cards — Issue virtual MasterCards with per-card spend limits
  • Fund cards — Top up existing cards with USDC
  • Manage cards — List, freeze, unfreeze, and inspect card details
  • On-chain payments — Every transaction uses the x402 protocol on Stellar with verifiable on-chain proof

Setup

npx @asgcard/cli onboard -y

This creates a Stellar wallet (~/.asgcard/wallet.json), configures the MCP server, and installs the payment skill. Your agent is ready to pay in under 30 seconds.

MCP Tools (9 available)

ToolDescription
get_wallet_statusWallet address, USDC balance, readiness
create_cardCreate virtual MasterCard (x402 payment)
fund_cardTop up existing card
list_cardsList all wallet cards
get_cardCard summary
get_card_detailsPAN, CVV, expiry (nonce-protected)
freeze_cardFreeze a card
unfreeze_cardRe-enable a card
get_pricingCurrent tier pricing

Use Cases

  • Pay for API credits (Anthropic, OpenAI, Google Cloud)
  • Provision cloud infrastructure (DigitalOcean, Vercel)
  • Buy domains, SaaS subscriptions, and developer tools
  • Any merchant that accepts MasterCard

Links

Files

156 total
Select a file
Select a file to preview.

Comments

Loading comments…