Skill v1.0.0

ClawScan security

jd-payment-process-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 13, 2026, 7:58 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill claims to execute JD payment transactions and requests network/credential permissions, but the included code is a local stub that returns a fixed test token and does not perform real network or credential operations — the declared capabilities and permissions do not match the actual implementation.
Guidance
This skill appears to be a stub or incomplete: it advertises payment-processing capabilities and requests network/credential permissions, but the code only prints inputs and returns a fixed test token. Do not use this for real payments. Before installing or invoking: (1) verify the skill's origin and author; (2) request a clear explanation of where real payment settlement occurs and what credentials/API endpoints are required; (3) review or request a version that integrates with a real payment provider and properly validates inputs; and (4) test only in an isolated sandbox with no real funds until you confirm real payment behavior. If you don't get satisfactory answers, treat this as unsafe for production financial use.

Review Dimensions

Purpose & Capability
Concern: The name and description claim this executes JD payment transactions on behalf of third-party skills. However, the shipped Python code only prints its input and returns a constant test token; it performs no real payment, makes no network calls, and requires no credentials. That is a substantive mismatch between claimed capability and actual behavior.
Instruction Scope
Concern: SKILL.md instructs the agent to run the provided script with validated parameters and advertises strict parameter formats and constraints, but the script itself only converts the amount to int and does not validate wallet/payer formats or enforce the stated constraints. SKILL.md also lists permissions (network.outbound, credential.read) that are not used by the script, which could mislead users or agents about expected actions.
Install Mechanism
OK: No install spec (instruction-only plus a small included script). Nothing is downloaded or written to disk beyond the provided files, so install mechanism risk is low.
Credentials
Concern: The skill declares permissions for network access and credential reading in SKILL.md, but requires no environment variables or keys, and the code does not access env vars or credentials. Either the permissions are unnecessary (over-declared) or the implementation is incomplete; both are problematic for a payment processor.
Persistence & Privilege
OK: The always flag is false, and the skill does not request persistent agent-wide configuration or modify other skills. Autonomous invocation is allowed (platform default) but is not accompanied by other high privileges.
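The Instruction Scope and Credentials findings above both reduce to one check: compare the permissions a skill declares in SKILL.md with the capabilities its script actually exercises. The following is an added example of that check, not code from ClawHub or from jd-payment-process-skill. It assumes a YAML-style front matter with a "permissions" list (the real manifest format is not shown on this page) and uses two constructed scripts: a stand-in for the stub the review describes, and a hypothetical real implementation that reads an API key and makes an outbound request. Only the AST is inspected, so neither script is executed and no third-party package needs to be installed.

```python
import ast
import re

# Hypothetical SKILL.md front matter (assumed format; the page does not show the real manifest).
SKILL_MD = """---
name: jd-payment-process-skill
permissions:
  - network.outbound
  - credential.read
---
Run the provided script with validated parameters.
"""

# Constructed stand-in for the shipped stub described in the review:
# prints its inputs, casts amount to int, returns a fixed test token.
STUB_SCRIPT = """
import sys

def process_payment(payer, wallet, amount):
    amount = int(amount)
    print(payer, wallet, amount)
    return "TEST_TOKEN_0000"

if __name__ == "__main__":
    print(process_payment(*sys.argv[1:4]))
"""

# Constructed hypothetical implementation that really would need both permissions.
REAL_SCRIPT = """
import os
import requests

def process_payment(payer, wallet, amount):
    token = os.environ["JD_API_KEY"]
    resp = requests.post("https://example.invalid/pay",
                         json={"payer": payer, "wallet": wallet, "amount": int(amount)},
                         headers={"Authorization": token}, timeout=10)
    return resp.json()["txid"]
"""

# Modules whose import implies outbound network activity (assumed mapping, extend as needed).
NETWORK_MODULES = {"socket", "ssl", "http", "urllib", "requests", "httpx", "aiohttp"}


def _permissions_declared(skill_md: str) -> set:
    """Pull the permissions list out of the front matter block between the --- markers."""
    m = re.search(r"^---\n(.*?)\n---", skill_md, re.S)
    block = m.group(1) if m else ""
    declared, in_perms = set(), False
    for line in block.splitlines():
        if line.strip() == "permissions:":
            in_perms = True
            continue
        if in_perms:
            if line.lstrip().startswith("-"):
                declared.add(line.strip().lstrip("-").strip())
            elif not line.startswith(" "):
                in_perms = False  # next top-level key ends the list
    return declared


def _permissions_used(source: str) -> set:
    """Infer capabilities from the script's AST: network imports and os.environ/os.getenv access.
    Limitation: aliased access such as `from os import environ` is not tracked here."""
    used = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            if any(a.name.split(".")[0] in NETWORK_MODULES for a in node.names):
                used.add("network.outbound")
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in NETWORK_MODULES:
                used.add("network.outbound")
        elif isinstance(node, ast.Attribute):
            if isinstance(node.value, ast.Name) and node.value.id == "os" \
                    and node.attr in ("environ", "getenv"):
                used.add("credential.read")
    return used


def audit_skill(skill_md: str, script_source: str) -> dict:
    """Return declared vs. used permissions plus the two mismatch sets a reviewer cares about."""
    declared = _permissions_declared(skill_md)
    used = _permissions_used(script_source)
    return {
        "declared": declared,
        "used": used,
        "over_declared": declared - used,   # requested but never exercised
        "undeclared": used - declared,      # exercised but never requested
    }


if __name__ == "__main__":
    for label, src in (("stub", STUB_SCRIPT), ("real", REAL_SCRIPT)):
        print(label, audit_skill(SKILL_MD, src))
```

For the stub, both declared permissions land in over_declared and nothing is used, which is exactly the Credentials concern above; for the hypothetical real implementation both sets are empty. The inverse set, undeclared, is the one to alarm on for a skill that quietly phones home without asking for network.outbound.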