Skill v2.9.0

ClawScan security

Shopping Claw | Is your claw a shopaholic? · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 23, 2026, 10:34 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are consistent with a payment/checkout agent: it only asks for a single service API key and contains detailed, focused guidance for secure card handling and wallet operations.
Guidance
This skill appears internally consistent for letting an agent make purchases and manage a wallet using an API key. Before installing: verify that you trust creditclaw.com (the homepage and repository listed in the metadata), provide a CREDITCLAW_API_KEY with only the minimum permissions needed, and keep approval_mode at a conservative setting (the default is ask_for_everything) until you fully trust automated spending. Ensure your agent platform supports ephemeral sub-agents and secure in-memory crypto operations (AES-256-GCM), and that webhook secrets and API keys are stored in your platform's secure secret manager (or prefer polling over exposing a public webhook endpoint). If you have any doubt about the provider or cannot guarantee secure secret handling, do not install the skill or provide the API key. For higher assurance, ask the publisher for independent proof of the service (official domain ownership, published documentation, or an organizational contact).

Review Dimensions

Purpose & Capability
ok
Name/description (financial enablement for agents) match the declared requirement (CREDITCLAW_API_KEY) and the documented API endpoints. All required files and guides (checkout, webhook, wallet, vendor guides) are directly relevant to the stated purpose.
Instruction Scope
note
Runtime instructions are extensive and prescriptive (checkout flow, AES-256-GCM decryption, browser automation commands, webhook setup, polling/heartbeat). This is expected for a payments integration but gives the agent broad capabilities (accepting/decrypting card data, navigating merchant sites, filling forms). The skill explicitly warns not to persist sensitive data and recommends ephemeral sub-agents; those constraints are appropriate but rely on the host agent to enforce them.
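What "decrypt card data in memory and do not persist it" looks like in practice, as an added illustration that is not part of this review or of the skill's own instructions. The card record shape, the key derivation (a SHA-256 of the secret) and the nonce || ciphertext || tag layout are assumptions; the page does not document CreditClaw's actual format. The seal function only exists to construct a sample payload offline; the host-side work is open, UseCard and the wipe afterwards. A single flipped bit in the blob, a wrong key, or a mismatched AAD makes the GCM tag check fail and no card data is released.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"os"
)

// CardPayload is an assumed shape for the decrypted card record; the field
// names the service actually uses are not shown on the review page.
type CardPayload struct {
	Number string `json:"number"`
	Exp    string `json:"exp"`
	CVV    string `json:"cvv"`
}

// deriveKey turns a secret string into a 32-byte AES-256 key. Assumption:
// the real key-derivation step is undocumented here; SHA-256 stands in.
func deriveKey(secret string) []byte {
	sum := sha256.Sum256([]byte(secret))
	return sum[:]
}

// keyFromEnv reads key material from the one env var the skill declares,
// so the secret comes from the host's secret store rather than a file.
func keyFromEnv() []byte {
	return deriveKey(os.Getenv("CREDITCLAW_API_KEY"))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM and binds aad (e.g. a checkout id) to the
// ciphertext. Layout: nonce || ciphertext || tag. Used only to build the
// constructed sample; an agent would receive such a blob from the service.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open verifies the tag and decrypts. Any change to ciphertext, tag, nonce
// or AAD makes gcm.Open fail, and nothing is returned when it does.
func open(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// zero overwrites a buffer once it is no longer needed. Best effort only:
// the JSON decoder and the Go runtime may hold other copies.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// UseCard decrypts the payload, hands the card to fn for one checkout step,
// then wipes the plaintext. Nothing is logged or written to disk.
func UseCard(key, blob, aad []byte, fn func(CardPayload) error) error {
	pt, err := open(key, blob, aad)
	if err != nil {
		return fmt.Errorf("card payload rejected: %w", err)
	}
	defer zero(pt)
	var card CardPayload
	if err := json.Unmarshal(pt, &card); err != nil {
		return err
	}
	return fn(card)
}

// Last4 is the only part of the PAN that is safe to keep in agent state.
func Last4(number string) string {
	if len(number) < 4 {
		return ""
	}
	return number[len(number)-4:]
}

func main() {
	key := keyFromEnv() // empty env var still yields a 32-byte demo key
	aad := []byte("checkout-42")
	pt, _ := json.Marshal(CardPayload{Number: "4111111111111111", Exp: "12/29", CVV: "123"}) // constructed test card
	blob, _ := seal(key, pt, aad)
	err := UseCard(key, blob, aad, func(c CardPayload) error {
		fmt.Println("filling merchant form for card ending", Last4(c.Number))
		return nil
	})
	fmt.Println("accepted:", err == nil)
	blob[len(blob)-1] ^= 1 // flip one tag bit
	fmt.Println("after tampering:", UseCard(key, blob, aad, func(CardPayload) error { return nil }))
}
```

The point for an installer is that the check in open is only as good as the host: if the platform logs decrypted sub-agent output, or keeps the plaintext in a persisted conversation transcript, the skill's "do not persist" instruction is not enforced no matter how the decryption is written.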
Install Mechanism
ok
Instruction-only skill with no install spec or downloaded code. Lowest install risk; nothing is written to disk by the skill itself.
Credentials
ok
Only a single env var (CREDITCLAW_API_KEY) is required and is justified by the API-based design. The primaryEnv is declared. No unrelated credentials, binaries, or config paths are requested.
Persistence & Privilege
ok
always:false and user_confirmed invocation are set; the skill is not declared to run persistently or to modify other skills. It asks the agent to store the webhook_secret and API key if the user provisions webhooks; that is standard for a webhook flow but requires secure secret handling by the host.