Skill v1.0.2

ClawScan security

OpenPayment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 10:38 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requested binaries and install steps match its stated purpose (installing and using an OpenPayment CLI) and it does not request unexpected credentials or system access.
Guidance
This skill appears to be what it says: a wrapper for an OpenPayment CLI. Before installing, verify the npm package and publisher (look up the openpayment package on the npm registry, check the homepage/repo, review recent versions and download counts). Consider installing in a sandbox or VM if you are unsure. Be cautious with the PROXY mode: supplying a --resourceUrl will cause the service to call that URL after settlement — do not provide private/internal endpoints unless you trust the service and have reviewed what data will be sent. Double-check any --payTo wallet addresses (to avoid sending funds to the wrong recipient), and test behavior on the Sepolia/test network before using Mainnet. If you need stronger assurance, review the openpayment package source code or its repository and run 'npm audit' before globally installing.

Review Dimensions

Purpose & Capability
ok: Name/description describe creating stablecoin payment links via an openpayment CLI; the skill requires node and declares an npm install of the openpayment package, which produces an openpayment binary — this is coherent and proportionate.
Instruction Scope
note: SKILL.md describes invoking the openpayment CLI with flags and defaulting to Base mainnet. All instructions stay within the payment-link use case. One noteworthy feature: the PROXY payment type accepts a --resourceUrl (an arbitrary HTTPS upstream API) that the service will call after settlement — this is part of the stated functionality but means the system will make outbound calls to a user-supplied endpoint, which could carry user/payment data if misused.
Install Mechanism
note: The install spec is an npm package (openpayment) that creates an openpayment binary. npm installs are expected for a Node CLI but carry typical supply-chain risks (typosquatting, malicious package versions). The install comes from the registry (no arbitrary URL/extract), which is moderate and expected for this use case.
Credentials
ok: The skill does not request environment variables, credentials, or config paths. That is proportionate for a CLI wrapper that uses a globally installed binary.
Persistence & Privilege
ok: The 'always' setting is false and the skill does not request elevated or system-wide configuration changes. It does not try to modify other skills or store extra agent-wide credentials.