Vivid: Open Business Account
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is clear about collecting business onboarding details and sending confirmed structured data to Vivid’s remote MCP server to generate an onboarding link.
Before installing, make sure you are comfortable sending confirmed legal-entity onboarding details to Vivid’s remote MCP endpoint. Review the data summary before approving the tool call, upload only necessary documents, and do not provide passwords, API keys, bank account numbers, or unrelated financial information.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Business onboarding details may be transmitted to Vivid’s remote service to create an onboarding link.
The skill relies on a remote MCP server and sends onboarding data to that endpoint, so users should be aware of the remote data boundary even though it is disclosed and purpose-aligned.
Endpoint | `https://api.prime.vivid.money/mcp` ... Tool | `build_onboarding_link` ... Auth | None — the endpoint is publicly accessible.
Review the displayed summary before confirming, verify the endpoint is the expected Vivid service, and do not provide unrelated credentials or financial account numbers.
Uploaded documents may be read by the AI client to extract onboarding fields, although the artifact says raw documents should not be sent to the MCP server.
The skill may handle uploaded business documents and extract structured fields from them. The instructions limit transmission and require summarization, making this a disclosed, purpose-aligned sensitive-data handling note rather than a concern.
If the user uploads a document, extract the fields locally in the AI client — the document itself is never sent to the MCP server. Summarize what was extracted; do not echo raw document contents.
Upload only documents needed for onboarding, check the extracted-field summary carefully, and avoid including unnecessary sensitive information.