Skill v1.0.0

ClawScan security

Stripe API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 25, 2026, 6:40 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions do what a Stripe read-only inspector would, but the package metadata omits the required secret (STRIPE_SECRET_KEY) and there's no provenance for the skill — this mismatch and the need to provide a powerful live secret warrant caution.
Guidance
This skill appears to be a straightforward Stripe read-only helper, but proceed carefully: (1) the skill requires STRIPE_SECRET_KEY at runtime even though the registry metadata doesn't declare it — verify this before installing; (2) only use a limited/restricted Stripe key or a test key when possible (do not paste or reuse a production full-access key unless you trust the source); (3) review the included scripts yourself — they only call api.stripe.com and print results, but you should confirm there are no hidden network calls; (4) prefer creating a restricted API key scoped to read-only endpoints or a test account; (5) if you must share a live key with this skill, rotate the key afterwards; and (6) ask the publisher to update the metadata to declare STRIPE_SECRET_KEY as the primary credential and publish a verifiable homepage/source so you can validate provenance.

Review Dimensions

Purpose & Capability
note: Name, description, SKILL.md, and the included script are coherent: the skill is a minimal Stripe read-only inspector and would legitimately need a Stripe secret key. However, the registry metadata lists no required env var or primary credential even though the runtime instructions and script require STRIPE_SECRET_KEY. That metadata omission is an inconsistency.
Instruction Scope
ok: SKILL.md tells the agent to set STRIPE_SECRET_KEY and run the provided Python helper. The helper only issues HTTPS requests to api.stripe.com and prints JSON. The instructions explicitly recommend read-only operations and ask for user confirmation before any future write actions. The skill does not instruct reading unrelated files, system paths, or forwarding data to unknown endpoints.
Install Mechanism
ok: No install spec; instruction-only, with a small included Python script that uses only the standard library (urllib). Nothing is downloaded from arbitrary URLs or written to unexpected locations.
Credentials
concern: Runtime requires a live Stripe secret (STRIPE_SECRET_KEY), which is a powerful credential, but the registry metadata does not declare this env var or a primary credential. That mismatch reduces transparency and increases risk because users may not realize they must provide a secret. The skill asks for no other unrelated credentials (which is appropriate).
Persistence & Privilege
ok: The skill's always flag is false, and the skill doesn't request persistent system-level privileges or modify other skills. Autonomous invocation is enabled by default but is not accompanied by other worrying privileges.