Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lap Account Api

v1.0.1

Account API skill. Use when working with Account for checkAccountHolder, closeAccount, closeAccountHolder. Covers 20 endpoints.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mickmicksh/lap-account-api.

Install the skill "Lap Account Api" (mickmicksh/lap-account-api) from ClawHub.
Skill page: https://clawhub.ai/mickmicksh/lap-account-api
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: ACCOUNT_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI


openclaw skills install lap-account-api

ClawHub CLI


npx clawhub@latest install lap-account-api
Security Scan
Capability signals
Requires OAuth token
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description indicate an Account API client for account-holder operations and the single required env var ACCOUNT_API_KEY is consistent with an API-key style integration. The base URL points to an Adyen test host (cal-test.adyen.com) — reasonable for a test integration but the SKILL.md does not state explicitly that this is a test environment, which could be important for users expecting production endpoints.
! Instruction Scope
The runtime instructions are instruction-only and mostly scoped to calling the listed endpoints, but the SKILL.md contains contradictory auth guidance: the Auth section lists both "ApiKey X-API-Key in header" and "Bearer basic", and the Setup step tells the user to "Set Authorization header with your Bearer token" while the skill declares ACCOUNT_API_KEY as the required env var. This inconsistency could cause the agent to send credentials incorrectly. The instructions otherwise do not request unrelated files or environment data.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes installation risk because nothing is downloaded or written to disk by the skill itself.
! Credentials
The skill only requests a single env var (ACCOUNT_API_KEY), which is proportionate for an API client. However the SKILL.md's contradictory auth text (Bearer token vs X-API-Key) makes it unclear which secret the agent actually needs, and therefore whether that environment variable will be used correctly. Also the skill exposes many destructive endpoints (close, delete, suspend, update, uploadDocument) — the required credential should be scoped to least privilege.
Persistence & Privilege
always:false and default invocation settings — the skill has no elevated or forced presence and does not request modification of other skills or system config. Autonomous invocation is allowed (platform default) but is not a red flag on its own.
What to consider before installing
This skill appears to be an instruction-only client for an Account API and asks for a single credential (ACCOUNT_API_KEY), which is appropriate — but the documentation is inconsistent about authentication. Before installing, verify: 1) whether the API expects an X-API-Key header or a Bearer token and provide only the correctly-scoped secret (prefer least-privilege keys). 2) that the base URL (cal-test.adyen.com) is the intended environment (it's a test host). 3) that you are comfortable the agent may call destructive endpoints (close/delete/suspend) automatically if invoked; consider using a limited-scope or test credential, and restrict autonomous invocation if you need human approval. Finally, confirm the referenced spec (references/api-spec.lap) is available to the runtime and update any auth mismatch in the SKILL.md so the agent won't send the wrong credential.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Env: ACCOUNT_API_KEY
latest vk97aqtb707ghh3m3wvrdez57r58568pb
127 downloads
0 stars
2 versions
Updated 1w ago
v1.0.1
MIT-0

Account API

API version: 6

Auth

ApiKey X-API-Key in header | Bearer basic

Base URL

https://cal-test.adyen.com/cal/services/Account/v6

Setup

  1. Set Authorization header with your Bearer token
  2. POST /checkAccountHolder -- create first checkAccountHolder

Endpoints

20 endpoints across 20 groups. See references/api-spec.lap for full details.

checkAccountHolder

Method | Path | Description
POST | /checkAccountHolder | Trigger verification

closeAccount

Method | Path | Description
POST | /closeAccount | Close an account

closeAccountHolder

Method | Path | Description
POST | /closeAccountHolder | Close an account holder

closeStores

Method | Path | Description
POST | /closeStores | Close stores

createAccount

Method | Path | Description
POST | /createAccount | Create an account

createAccountHolder

Method | Path | Description
POST | /createAccountHolder | Create an account holder

deleteBankAccounts

Method | Path | Description
POST | /deleteBankAccounts | Delete bank accounts

deleteLegalArrangements

Method | Path | Description
POST | /deleteLegalArrangements | Delete legal arrangements

deletePayoutMethods

Method | Path | Description
POST | /deletePayoutMethods | Delete payout methods

deleteShareholders

Method | Path | Description
POST | /deleteShareholders | Delete shareholders

deleteSignatories

Method | Path | Description
POST | /deleteSignatories | Delete signatories

getAccountHolder

Method | Path | Description
POST | /getAccountHolder | Get an account holder

getTaxForm

Method | Path | Description
POST | /getTaxForm | Get a tax form

getUploadedDocuments

Method | Path | Description
POST | /getUploadedDocuments | Get documents

suspendAccountHolder

Method | Path | Description
POST | /suspendAccountHolder | Suspend an account holder

unSuspendAccountHolder

Method | Path | Description
POST | /unSuspendAccountHolder | Unsuspend an account holder

updateAccount

Method | Path | Description
POST | /updateAccount | Update an account

updateAccountHolder

Method | Path | Description
POST | /updateAccountHolder | Update an account holder

updateAccountHolderState

Method | Path | Description
POST | /updateAccountHolderState | Update payout or processing state

uploadDocument

Method | Path | Description
POST | /uploadDocument | Upload a document

Common Questions

Match user requests to endpoints in references/api-spec.lap. Key patterns:

  • "Create a checkAccountHolder?" -> POST /checkAccountHolder
  • "Create a closeAccount?" -> POST /closeAccount
  • "Create a closeAccountHolder?" -> POST /closeAccountHolder
  • "Create a closeStore?" -> POST /closeStores
  • "Create a createAccount?" -> POST /createAccount
  • "Create a createAccountHolder?" -> POST /createAccountHolder
  • "Create a deleteBankAccount?" -> POST /deleteBankAccounts
  • "Create a deleteLegalArrangement?" -> POST /deleteLegalArrangements
  • "Create a deletePayoutMethod?" -> POST /deletePayoutMethods
  • "Create a deleteShareholder?" -> POST /deleteShareholders
  • "Create a deleteSignatory?" -> POST /deleteSignatories
  • "Create a getAccountHolder?" -> POST /getAccountHolder
  • "Create a getTaxForm?" -> POST /getTaxForm
  • "Create a getUploadedDocument?" -> POST /getUploadedDocuments
  • "Create a suspendAccountHolder?" -> POST /suspendAccountHolder
  • "Create a unSuspendAccountHolder?" -> POST /unSuspendAccountHolder
  • "Create a updateAccount?" -> POST /updateAccount
  • "Create a updateAccountHolder?" -> POST /updateAccountHolder
  • "Create a updateAccountHolderState?" -> POST /updateAccountHolderState
  • "Create a uploadDocument?" -> POST /uploadDocument
  • "How to authenticate?" -> See Auth section

Response Tips

  • Check response schemas in references/api-spec.lap for field details
  • Create/update endpoints typically return the created/updated object

CLI

# Update this spec to the latest version
npx @lap-platform/lapsh get account-api -o references/api-spec.lap

# Search for related APIs
npx @lap-platform/lapsh search account-api

References

  • Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas

Generated from the official API spec by LAP
