Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Payment Rail
v1.0.0Provides a unified API for AI agents to create, query, refund, and cancel multi-currency payments via Stripe and other providers.
⭐ 0· 238·1 current·1 all-time
byJustin Liu@zhenstaff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to provide a unified payment API (Stripe, PayPal, etc.) and points to an npm package and GitHub repo, which is reasonable for a payment integration. However, the published skill bundle contains only instructions (no code, no install spec) and the registry metadata declares no required environment variables or primary credential despite the SKILL.md explicitly asking for STRIPE_API_KEY (and PayPal keys). That omission is an incoherence: a real payment rail would legitimately need provider credentials and/or bundled code; the manifest does not reflect that.
Instruction Scope
The SKILL.md instructs users/agents to install an npm package, set STRIPE_API_KEY / PAYPAL_CLIENT_ID / PAYPAL_CLIENT_SECRET, and to call PaymentRail APIs (including examples that read process.env.STRIPE_API_KEY). The instructions do not ask to read unrelated system files, but they do require access to sensitive secrets that are not declared in the registry. The doc also tells agents to run global installs (npm install -g), which would execute externally sourced code if followed — a notable operational risk absent verification of the package source.
Install Mechanism
There is no install specification in the registry (instruction-only). SKILL.md and readme propose installing openclaw-agent-payment-rail from npm and reference a GitHub repo. Because the skill package itself does not include code, anyone following the instructions would retrieve code from external registries/URLs; this is normal for many projects but increases risk unless the referenced package/repo is verified. The manifest should either include an install spec or explicitly declare external dependencies and provenance; it does not.
Credentials
Payment provider API keys (STRIPE_API_KEY, PAYPAL_CLIENT_ID, PAYPAL_CLIENT_SECRET) are exactly the sensitive credentials this functionality needs, and the SKILL.md tells users to set them. But the registry lists no required env vars and no primary credential. Requiring high-sensitivity secrets without declaring them in the manifest is disproportionate and inconsistent. Users should not provide live payment keys to an instruction-only skill unless they have verified the package/repo and the code that will handle those keys.
Persistence & Privilege
The skill does not request always:true, does not declare config path access, and is user-invocable only. It does not claim any special persistent privileges in the manifest, which is appropriate.
What to consider before installing
This skill's docs instruct installing an npm package and supplying Stripe/PayPal API keys, but the bundle you received contains only text and the registry metadata doesn't declare those credentials. Before using or giving any secrets: 1) Verify the npm package and GitHub repo links actually exist and are published by a trusted maintainer; inspect the package source (or the GitHub repo) yourself to confirm behavior; 2) Require the publisher to update the manifest to declare required env vars and provenance; 3) Do not paste live payment API keys into an unverified skill — use test/sandbox keys if you must experiment; 4) Prefer using official SDKs (Stripe official package) or run any third-party code in an isolated environment; 5) If you cannot verify the package and its ownership, treat the skill as untrusted and do not supply production credentials. If you want, I can suggest exact checks to validate the npm package and GitHub repository (what files to look for, which fields in package.json, recommended security review steps).Like a lobster shell, security has layers — review code before you run it.
latestvk97d9rg785ast9p1q0579q0yxx82rpja
License
MIT-0
Free to use, modify, and redistribute. No attribution required.