Skill v1.0.0
ClawScan security
Book a flight or Airbnb | Is your claw a nomad?
ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 12:42 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is a CreditClaw payments/wallet integration that mostly matches its declared API requirements, but the metadata/title mismatch and runtime instructions that encourage downloading files and executing decrypt scripts (including a fallback that would decrypt card data in the main agent) are concerning and merit careful review before install.
- Guidance: This skill appears to implement a payment/wallet integration (CreditClaw) and legitimately requires a CreditClaw API key, but there are several things to check before installing:
  - Clarify the metadata/title mismatch with the publisher; unexpected names can be a sign of mispackaging.
  - Only provide an API key you trust the service with; consider using a scoped or rotated key if possible and monitoring its use.
  - The docs instruct the agent to download files and to execute a decrypt script delivered with encrypted card files. Ensure your agent environment supports spawning true isolated sub-agents (so decrypted card data never touches the main agent). If sub-agent isolation is not available, avoid running the decrypt flow in the main agent.
  - Review any decrypt.js or other scripts delivered by creditclaw.com before executing them; executing code fetched from the network can be dangerous even when hosted on an expected domain.
  - If you install files under ~/.creditclaw, verify file permissions and consider isolating or sandboxing that directory. Remove or revoke local artifacts if you stop trusting the skill.
  - If you need higher assurance, ask the publisher for: a) an explanation for the title/slug mismatch, b) a verifiable code release (e.g., GitHub release or package) for the decrypt script, and c) details about sub-agent isolation guarantees.
  Given these issues, proceed only if you trust creditclaw.com and can enforce the recommended isolation and monitoring practices.
Review Dimensions
- Purpose & Capability (concern): The registry listing title ('Book a flight or Airbnb | Is your claw a nomad?') and slug ('book') imply a booking/commerce skill, but every included file and the SKILL.md implement a payments/wallet platform (CreditClaw/Stripe/x402/Encrypted Card). That mismatch is confusing and could be a metadata error, but it reduces trust and should be clarified with the publisher.
- Instruction Scope (concern): The runtime docs instruct agents to download and save multiple files into ~/.creditclaw/skills/stripe and .creditclaw/cards, spawn ephemeral sub-agents, fetch one-time decryption keys, and run a provided decrypt.js to decrypt real card data. While these actions are coherent for an encrypted-card payment rail, they entail writing files to disk and executing code delivered alongside encrypted card files. The SKILL.md explicitly allows running checkout_steps in the main agent if sub-agent spawning is unavailable; this fallback would expose decrypted card data to the main agent and broadens the risk surface.
- Install Mechanism (note): There is no formal install spec (instruction-only), but SKILL.md includes curl commands that fetch files from https://creditclaw.com into the user's home directory. The downloads are from the service's declared domain (creditclaw.com), which is expected for this integration, but any curl+write pattern can introduce risk if the remote content is malicious or becomes compromised. No third-party or shortened URLs are used.
- Credentials (ok): Only a single credential (CREDITCLAW_API_KEY) is requested and declared as the primaryEnv. That is appropriate for a service that exposes an API and enforces Authorization: Bearer <api-key> on endpoints.
- Persistence & Privilege (note): 'always' is false and the skill does not request system-wide privileges. However, the instructions ask the agent to persist files under ~/.creditclaw and to store delivered encrypted card files under .creditclaw/cards; this is expected for the claimed functionality but gives the skill persistent local artifacts that should be managed carefully (file permissions, cleanup, audit).
