Exposed secret literal
- Finding
- File appears to expose a hardcoded API secret or token.
Security checks across static analysis, malware telemetry, and agentic risk
This is a coherent payment-protocol documentation skill, but review it carefully because its examples enable automatic wallet-backed payments without clear spending or approval limits.
Install this only if you are intentionally building MPP/payment functionality. Treat the client-side auto-payment examples as high-risk: use test wallets first, set hard spending caps, avoid global payment-enabled fetch behavior unless necessary, and require clear approval before any real-money payment.
VirusTotal findings are pending for this skill version.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An app or agent using this pattern could spend wallet funds when it calls a server that returns a payment challenge.
The client example enables wallet-backed automatic payment handling through global fetch behavior, but the shown workflow does not include per-payment confirmation, a maximum amount, or a domain allowlist.
```javascript
// Polyfills globalThis.fetch to handle 402 automatically
...
const res = await fetch('https://api.example.com/paid')
// Payment happens transparently when server returns 402
```
Require explicit user approval before each payment and enforce strict limits: an allowlist of domains permitted to charge, maximum charge and deposit amounts, testnet-only wallets during development, and a log entry for every payment. Prefer a payment-aware fetch that call sites opt into over a polyfill of the global, so unrelated requests in the same process cannot trigger a charge.
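A guarded alternative to the polyfilled global fetch, added here as an illustration and not code from the skill or from any MPP SDK: a 402 is handled only through an injected policy (host allowlist, per-payment cap, cumulative cap, a mandatory approval hook, and a log entry per decision), and globalThis.fetch is never replaced. The challenge encoding (a 402 whose JSON body carries amount and currency in minor units), the Authorization header used on the retry, and the fakePaidApi stand-in are assumptions made for the demo, not the protocol's real wire format.

```javascript
// Added example, not from the reviewed skill or any MPP SDK. Assumed challenge
// encoding: a 402 whose JSON body is { amount, currency }, amount in minor
// units (cents). Real MPP challenges are encoded differently; the policy
// logic, not the wire format, is the point.

class PaymentRefused extends Error {}

// Pure policy check, separated from I/O so it can be unit-tested directly.
function checkPolicy(policy, state, host, amount) {
  if (!policy.allowedHosts.includes(host)) {
    return { ok: false, reason: `host ${host} is not in the allowlist` };
  }
  if (!Number.isInteger(amount) || amount <= 0) {
    return { ok: false, reason: `malformed amount ${amount}` };
  }
  if (amount > policy.maxPerPayment) {
    return { ok: false, reason: `amount ${amount} exceeds per-payment cap ${policy.maxPerPayment}` };
  }
  if (state.spent + amount > policy.maxTotal) {
    return { ok: false, reason: `amount ${amount} would exceed total cap ${policy.maxTotal} (spent ${state.spent})` };
  }
  return { ok: true, reason: null };
}

// Returns a payment-aware fetch; call sites opt in by using it. It never
// touches globalThis.fetch, so unrelated requests cannot trigger a payment.
function createGuardedFetch({ baseFetch, pay, policy, approve, log = () => {} }) {
  const state = { spent: 0, ledger: [] };

  async function guardedFetch(url, init = {}) {
    const res = await baseFetch(url, init);
    if (res.status !== 402) return res;

    const host = new URL(url).hostname;
    const challenge = await res.json();
    const amount = Number(challenge.amount);
    const verdict = checkPolicy(policy, state, host, amount);
    if (!verdict.ok) {
      log({ event: 'refused', url, amount, reason: verdict.reason });
      throw new PaymentRefused(verdict.reason);
    }
    // Every payment needs an explicit yes from the approver; there is no default.
    if (!(await approve({ url, host, amount, currency: challenge.currency }))) {
      log({ event: 'declined', url, amount });
      throw new PaymentRefused('payment declined by approver');
    }
    const credential = await pay(challenge); // the injected wallet settles here
    state.spent += amount;
    state.ledger.push({ url, amount, currency: challenge.currency });
    log({ event: 'paid', url, amount, currency: challenge.currency });

    // Retry once with the credential. The header name is a demo assumption.
    const headers = new Headers(init.headers || {});
    headers.set('Authorization', `Payment ${credential}`);
    return baseFetch(url, { ...init, headers });
  }

  guardedFetch.state = () => ({ spent: state.spent, ledger: state.ledger.slice() });
  return guardedFetch;
}

// Constructed stand-in for a paid API so the demo runs offline: it answers 402
// until the request carries a payment credential.
function fakePaidApi(priceByPath) {
  return async (url, init = {}) => {
    const { pathname } = new URL(url);
    const auth = new Headers(init.headers || {}).get('authorization');
    if (auth && auth.startsWith('Payment ')) {
      return new Response(JSON.stringify({ data: `content of ${pathname}` }), { status: 200 });
    }
    const body = JSON.stringify({ amount: priceByPath[pathname], currency: 'usd' });
    return new Response(body, { status: 402, headers: { 'content-type': 'application/json' } });
  };
}

// Demo: an affordable call is paid once; an over-cap call is refused before
// the wallet is touched.
async function demo() {
  const fetchPaid = createGuardedFetch({
    baseFetch: fakePaidApi({ '/cheap': 25, '/expensive': 5000 }),
    pay: async () => 'demo-credential',            // real code: wallet SDK call
    policy: { allowedHosts: ['api.example.com'], maxPerPayment: 100, maxTotal: 300 },
    approve: async ({ amount }) => amount <= 100,  // stand-in for a human prompt
    log: (entry) => console.log(JSON.stringify(entry)),
  });
  const ok = await (await fetchPaid('https://api.example.com/cheap')).json();
  let refused = null;
  try {
    await fetchPaid('https://api.example.com/expensive');
  } catch (e) {
    if (!(e instanceof PaymentRefused)) throw e;
    refused = e.message;
  }
  return { ok, refused, spent: fetchPaid.state().spent };
}

demo().then((result) => console.log(JSON.stringify(result)));
```

The policy check runs before the wallet is ever asked to sign, and the approver sees the host, amount and currency it is approving; swapping the fakePaidApi for the real fetch and the pay stub for the wallet SDK keeps the caps and the ledger in place. Running the block with Node 18 or later (which ships Response, Headers and URL as globals) pays the cheap call and logs the refused one.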
If these credentials are exposed or used with a funded wallet, funds could be spent or lost.
The skill documents use of wallet mnemonics/private signing material, which is expected for payment rails but grants authority over funds.
```typescript
const charge = spark.charge({
  mnemonic: process.env.MNEMONIC!, // BIP-39 mnemonic for Spark wallet
})
```
Use low-balance or testnet wallets for development, keep mnemonics and private keys out of source control and out of logs and error reports, and scope production credentials tightly (a dedicated wallet holding only the balance the integration needs).
Users who copy the commands will trust packages from public registries and may receive different versions over time.
The docs rely on external package registries for SDK installation. This is normal for a developer skill, but the examples do not pin package versions.
```shell
pip install pympp
# With Tempo payment method
pip install "pympp[tempo]"
```
Verify package provenance, pin exact dependency versions (pip's --require-hashes mode pins both the version and the artifact hash), and use lockfiles or reproducible builds for production payment code.
A server secret may be written to disk and could be leaked if the .env file is committed or shared.
The documented SDK behavior may create a persistent local secret file. This is purpose-aligned for server-side signing, but users should be aware of the persistence.
```shell
# Auto-generates secret_key to .env if not present
```
Ensure .env files are gitignored before the first run (and not already tracked), restrict their permissions to the owning user (chmod 600), and rotate the signing secret if it may have been exposed.