Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Complete US Tax Returns - With your creditcard

v1.0.1

Let your agent shop on Amazon with guardrailed wallets and owner approval.

by @triplehippo · duplicate of @jononovo/sap
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill's declared purpose (shopping / guardrailed wallets) aligns with the API endpoints and the single required env var (CREDITCLAW_API_KEY). However the top-level name you provided ('Complete US Tax Returns - With your creditcard') does not match the skill content (creditclaw-amazon). That mismatch is an immediate red flag (possible mislabeling or social engineering). Otherwise the requested credential is proportionate to a payments API.
Instruction Scope
SKILL.md and companion docs instruct the agent to fetch multiple remote files, save files into ~/.creditclaw and .creditclaw/cards, spawn ephemeral sub-agents, and run a delivered decrypt script (node decrypt.js) to obtain card details. While these actions are coherent with an encrypted-card payment rail, they require the agent to download and execute code delivered from the vendor and to handle extremely sensitive card data. The docs also explicitly allow falling back to decrypting on the main agent if sub-agents aren't available, which would expose decrypted card details to the main agent — a scope creep / safety concern.
Install Mechanism
There is no formal install spec, but the SKILL.md gives curl commands to download multiple files from https://creditclaw.com into the user's home directory. Some of those files (encrypted card files) are described as containing an embedded decrypt script; the instructions expect you to run that script (node decrypt.js). Downloading and executing scripts delivered at runtime from a third-party domain is high-risk and not automatically verifiable.
Credentials
The only required environment variable is CREDITCLAW_API_KEY, which is appropriate for a payment integration. However the skill instructs writing files into specific local paths (e.g., .creditclaw/cards) despite 'required config paths' being empty in metadata — a minor inconsistency. Also, the API key and decrypted card material are highly sensitive; the documentation warns not to send the API key elsewhere, but the runtime behavior would still expose the key to any code making outbound requests from the agent environment.
Persistence & Privilege
The skill does not request 'always: true' or other elevated registry privileges. It does instruct spawning ephemeral sub-agents and saving files under the agent's home directory; those actions grant local persistence of downloaded artifacts (encrypted card files, scripts). Autonomous invocation is allowed by default — combined with payment capability and the ability to run downloaded scripts, this increases potential impact if the skill or its remote content is malicious.
What to consider before installing
This skill is functionally consistent with a payment/shopping integration but has several worrying aspects. Before installing or enabling it:
(1) verify you trust https://creditclaw.com and that the vendor identity matches your expectations (the mismatch in the provided skill name is suspicious);
(2) do not allow the agent to execute downloaded scripts without review — the skill explicitly asks you to run a decrypt script delivered by the server; review that code first in a sandbox;
(3) ensure your environment supports ephemeral sub-agents so decrypted card data never appears in the main agent's memory; refuse to run decryption on the main agent;
(4) treat CREDITCLAW_API_KEY like a high-value secret: only provide it to creditclaw.com, limit its scope/permissions if possible, and rotate it if exposed;
(5) restrict agent autonomy (require explicit human approvals) while testing;
(6) if you need to proceed, audit any downloaded .creditclaw files before executing, and prefer manual owner-initiated top-ups or purchases until you are confident in the vendor and workflow.


latest: vk97bpq3e3hkdkfdzehkbb8ga2s82p461


Runtime requirements

Env: CREDITCLAW_API_KEY
Primary env: CREDITCLAW_API_KEY
