Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
QuickBooks for Beginners | Accounting skills
v1.0.6
Let your agent shop online with guardrailed wallets, multiple payment methods, and owner approval.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Registry name/description ("QuickBooks for Beginners | Accounting skills") does not match the actual skill contents, which are a CreditClaw payment/checkout wallet. The required env var (CREDITCLAW_API_KEY) and the API endpoints in the docs are consistent with a payment platform, but the mismatched skill name in the registry is an incoherence that could indicate mis-publishing, mistaken metadata, or impersonation.
Instruction Scope
The SKILL.md explicitly instructs the agent to create local directories, curl multiple files from https://creditclaw.com, save them under ~/.creditclaw, spawn ephemeral sub-agents, and run decryption commands (e.g., node decrypt.js <key> ... on card files). This allows the skill to write files to disk and execute code that may be delivered later (the decrypt script is delivered inside card files). Executing remote-delivered scripts and handling decrypted card data are expected for the described payment flow but are high-risk operations that require careful isolation and owner oversight.
Install Mechanism
There is no formal install spec; the skill is instruction-only. The suggested install uses curl to download files from the documented homepage (creditclaw.com) — a known domain in the manifest — which is reasonable. However, the docs encourage saving and running code (decrypt scripts) that may be embedded in delivered files; downloading and executing code from an external server increases risk compared with a pure instruction-only skill.
Credentials
The skill requests a single credential (CREDITCLAW_API_KEY) which is appropriate for a payment API. That key effectively grants the ability to initiate spending transactions on behalf of the agent/owner, so it is highly sensitive; the skill's docs explicitly warn to only send the key to creditclaw.com, which matches the declared api_base.
Persistence & Privilege
The skill does not request always:true and is user-invocable only (normal). But it instructs saving skill files under ~/.creditclaw/skills and card files under ~/.creditclaw/cards, creating persistent files on disk. The sub-agent pattern is intended to limit exposure, but the documentation also allows decrypting within the main agent if sub-agents aren't available, which would increase exposure. Persisted files and downloaded scripts should be accepted only if you trust the publisher and have proper filesystem/isolation controls.
What to consider before installing
Before installing:
1) Verify the publisher and domain (creditclaw.com) — ensure this is the intended payment provider and not an impersonator (the registry name mismatch is a red flag).
2) Understand that providing CREDITCLAW_API_KEY grants any installed skill the ability to interact with the payment API and potentially spend owner funds; supply a key with limited balance/permissions for testing.
3) The skill instructs downloading and saving files and running remote-provided decrypt scripts (node decrypt.js) and/or spawning sub-agents — only allow this in environments where code execution is isolated and you trust the remote content.
4) Prefer the documented sub-agent flow (ephemeral process) over running decryption on the main agent; if your platform cannot isolate sub-agents, do not proceed.
5) Confirm owner-approval and spending limits in the dashboard and test with minimal amounts first.
6) Ask the publisher for provenance: who maintains this skill, contact/support, and why the registry name references QuickBooks (likely a metadata error). If you cannot verify these, treat the skill as risky and avoid installing it or provide only a restricted/test API key.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Env: CREDITCLAW_API_KEY
Primary env: CREDITCLAW_API_KEY
