Skill v1.0.0

ClawScan security

Agent Payment Rail · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 7:38 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's documentation claims a real npm package and requires payment API keys (Stripe/PayPal), but the registry manifest provides no install spec and declares no required credentials. That mismatch, together with guidance to install code from an external registry, is inconsistent and warrants caution.
Guidance
This skill's docs instruct you to install an npm package and supply Stripe/PayPal API keys, but the bundle you received contains only text and the registry metadata does not declare those credentials. Before using the skill or giving it any secrets:
1) Verify that the npm package and GitHub repo links actually exist and are published by a trusted maintainer; inspect the package source (or the GitHub repo) yourself to confirm its behavior.
2) Require the publisher to update the manifest to declare the required env vars and the package's provenance.
3) Do not paste live payment API keys into an unverified skill; use test/sandbox keys if you must experiment.
4) Prefer official SDKs (for example Stripe's own package), and run any third-party code in an isolated environment.
5) If you cannot verify the package and its ownership, treat the skill as untrusted and do not supply production credentials.
If you want, I can suggest exact checks to validate the npm package and GitHub repository (what files to look for, which fields in package.json, recommended security review steps).
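Step 1 of the guidance, worked through as an added example. This is not ClawHub's scanner code and not the skill author's code: it audits a package.json before anything is installed, checking that the package name and repository match what the docs claim, that no lifecycle hook runs code at install time, that no dependency is pulled from outside the registry, and which commands a global install would put on PATH. The package name comes from this review; the GitHub URL, the package.json contents and the `auditPackage`/`normalizeRepo` helper names are constructed assumptions.

```javascript
// Added example, not ClawHub's or the skill author's code: audit a
// package.json before installing. Feed it the output of
// `npm view <pkg> --json` or the package.json from an `npm pack` tarball.
// The package.json below and the GitHub URL are constructed; only the
// package name comes from the review.

const DOCS = {
  packageName: "openclaw-agent-payment-rail",
  repoUrl: "https://github.com/example-org/openclaw-agent-payment-rail", // assumed URL
};

// Constructed package.json, not the real package's metadata.
const PKG = {
  name: "openclaw-agent-payment-rail",
  version: "1.0.0",
  main: "dist/index.js",
  bin: { "payment-rail": "bin/cli.js" },
  repository: {
    type: "git",
    url: "git+https://github.com/Example-Org/openclaw-agent-payment-rail.git",
  },
  scripts: { build: "tsc", postinstall: "node scripts/setup.js" },
  dependencies: {
    stripe: "^14.0.0",
    "paypal-helper": "git+https://github.com/someone/paypal-helper.git",
  },
};

// npm runs these scripts automatically during `npm install`.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Dependency specs that bypass the registry: git, http(s), local paths,
// github: shorthand, or bare user/repo shorthand.
const NON_REGISTRY_SPEC = /^(git\+|git@|https?:\/\/|file:|github:)|^[\w.-]+\/[\w.-]+(#|$)/;

// Reduce a repository reference (package.json object, git+https URL,
// git@ SSH URL or npm's "user/repo" shorthand) to host/path for comparison.
function normalizeRepo(ref) {
  if (!ref) return null;
  let url = typeof ref === "string" ? ref : ref.url;
  if (!url) return null;
  url = url
    .replace(/^git\+/, "")
    .replace(/\.git$/, "")
    .replace(/^git@github\.com:/, "https://github.com/");
  if (/^[\w.-]+\/[\w.-]+$/.test(url)) url = "https://github.com/" + url;
  try {
    const u = new URL(url);
    return (u.hostname + u.pathname).toLowerCase().replace(/\/$/, "");
  } catch {
    return null;
  }
}

function auditPackage(pkg, docs) {
  const findings = [];
  const add = (level, detail) => findings.push({ level, detail });

  if (pkg.name !== docs.packageName)
    add("concern", `name mismatch: docs say ${docs.packageName}, package is ${pkg.name}`);

  const pkgRepo = normalizeRepo(pkg.repository);
  const docRepo = normalizeRepo(docs.repoUrl);
  if (!pkgRepo) add("concern", "no repository field: the package cannot be tied to any source");
  else if (pkgRepo !== docRepo)
    add("concern", `repository mismatch: package says ${pkgRepo}, docs say ${docRepo}`);

  for (const hook of LIFECYCLE_HOOKS)
    if (pkg.scripts && pkg.scripts[hook])
      add("concern", `${hook} hook runs code at install time: ${pkg.scripts[hook]}`);

  for (const [dep, spec] of Object.entries(pkg.dependencies || {}))
    if (NON_REGISTRY_SPEC.test(spec))
      add("concern", `dependency ${dep} is fetched outside the registry: ${spec}`);

  if (pkg.bin)
    add("note", `global install puts on PATH: ${Object.keys(pkg.bin).join(", ")}`);

  return findings;
}

console.log(auditPackage(PKG, DOCS));
```

To run it against the real package, replace `PKG` with the parsed output of `npm view openclaw-agent-payment-rail --json` (registry metadata, including the repository field) and compare with `npm pack openclaw-agent-payment-rail --dry-run`, which lists the files the tarball would actually install; a postinstall hook or a git-sourced dependency is exactly the kind of thing to read before any key goes into the environment.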

Review Dimensions

Purpose & Capability
concern: The skill claims to provide a unified payment API (Stripe, PayPal, etc.) and points to an npm package and GitHub repo, which is reasonable for a payment integration. However, the published skill bundle contains only instructions (no code, no install spec), and the registry metadata declares no required environment variables or primary credential even though the SKILL.md explicitly asks for STRIPE_API_KEY (and PayPal keys). That omission is incoherent: a real payment rail would legitimately need provider credentials and/or bundled code, and the manifest does not reflect that.
Instruction Scope
concern: The SKILL.md instructs users/agents to install an npm package, set STRIPE_API_KEY / PAYPAL_CLIENT_ID / PAYPAL_CLIENT_SECRET, and call PaymentRail APIs (including examples that read process.env.STRIPE_API_KEY). The instructions do not ask to read unrelated system files, but they do require access to sensitive secrets that are not declared in the registry. The doc also tells agents to run a global install (npm install -g), which would execute externally sourced code if followed, a notable operational risk absent verification of the package source.
Install Mechanism
concern: There is no install specification in the registry (instruction-only). SKILL.md and the readme propose installing openclaw-agent-payment-rail from npm and reference a GitHub repo. Because the skill package itself includes no code, anyone following the instructions would retrieve code from external registries/URLs; this is normal for many projects but increases risk unless the referenced package/repo is verified. The manifest should either include an install spec or explicitly declare external dependencies and provenance; it does neither.
Credentials
concern: Payment provider API keys (STRIPE_API_KEY, PAYPAL_CLIENT_ID, PAYPAL_CLIENT_SECRET) are exactly the sensitive credentials this functionality needs, and the SKILL.md tells users to set them. But the registry lists no required env vars and no primary credential. Requiring high-sensitivity secrets without declaring them in the manifest is disproportionate and inconsistent. Users should not provide live payment keys to an instruction-only skill unless they have verified the package/repo and the code that will handle those keys.
Persistence & Privilege
ok: The skill does not request always:true, does not declare config path access, and is user-invocable only. It does not claim any special persistent privileges in the manifest, which is appropriate.
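The mismatch that the Instruction Scope, Install Mechanism and Credentials dimensions describe, reproduced as an added example rather than ClawHub's own scanner logic: it pulls every environment variable and install command the SKILL.md mentions, compares them with what the registry manifest declares, and reports the same kind of findings as the review above (undeclared secrets, install instructions with no install spec, a global install, and any always-on or config-path request for the Persistence dimension). The SKILL.md excerpt and the manifest field names (`install`, `requiredEnv`, `primaryCredential`, `always`, `configPaths`) are constructed assumptions, not ClawHub's real schema.

```javascript
// Added example, not ClawHub's scanner code: cross-check what a skill's
// SKILL.md asks for against what its registry manifest declares. The
// SKILL.md excerpt and the manifest field names (install, requiredEnv,
// primaryCredential, always, configPaths) are constructed for illustration.

// Constructed SKILL.md excerpt modelled on the findings in this review.
const SKILL_MD = `
# Agent Payment Rail

Install: npm install -g openclaw-agent-payment-rail

Set your provider credentials:
  export STRIPE_API_KEY=sk_test_...
  export PAYPAL_CLIENT_ID=...
  export PAYPAL_CLIENT_SECRET=...

Usage:
  const rail = new PaymentRail({ stripeKey: process.env.STRIPE_API_KEY });
`;

// Constructed manifest: instruction-only, nothing declared.
const MANIFEST = {
  name: "agent-payment-rail",
  version: "1.0.0",
  install: null,         // no install spec
  requiredEnv: [],       // no declared env vars
  primaryCredential: null,
  always: false,
  configPaths: [],
};

// Names that look like secrets are escalated from "note" to "concern".
const SECRET_HINT = /KEY|SECRET|TOKEN|PASSWORD|CLIENT_ID/;

// Env var names the docs reference: process.env.NAME in code samples and
// NAME=... / export NAME=... in shell snippets.
function envRefsInDocs(md) {
  const refs = new Set();
  for (const m of md.matchAll(/process\.env\.([A-Z][A-Z0-9_]+)/g)) refs.add(m[1]);
  for (const m of md.matchAll(/(?:^|\s)(?:export\s+)?([A-Z][A-Z0-9_]{2,})=/gm)) refs.add(m[1]);
  return [...refs].sort();
}

// Install commands the docs tell the reader (or an agent) to run.
function installCommandsInDocs(md) {
  return [...md.matchAll(/\b(?:npm|npx|pip|pipx|curl|wget)\s+[^\n]*/g)].map((m) => m[0].trim());
}

function auditSkill(md, manifest) {
  const findings = [];
  const declared = new Set(manifest.requiredEnv || []);

  // Credentials: every env var the docs need but the manifest omits.
  for (const v of envRefsInDocs(md).filter((name) => !declared.has(name))) {
    findings.push({
      dimension: "credentials",
      level: SECRET_HINT.test(v) ? "concern" : "note",
      detail: `SKILL.md expects ${v} but the manifest does not declare it`,
    });
  }

  // Install mechanism: docs fetch code, manifest declares no install spec.
  const installs = installCommandsInDocs(md);
  if (!manifest.install && installs.length > 0) {
    findings.push({
      dimension: "install",
      level: "concern",
      detail: `no install spec in manifest, but docs run: ${installs.join("; ")}`,
    });
  }

  // Instruction scope: a global install of externally sourced code.
  if (installs.some((c) => /\s-g\b/.test(c))) {
    findings.push({
      dimension: "instruction-scope",
      level: "concern",
      detail: "docs instruct a global (-g) install of externally sourced code",
    });
  }

  // Persistence & privilege: always-on or config-path access requested.
  if (manifest.always === true || (manifest.configPaths || []).length > 0) {
    findings.push({
      dimension: "persistence",
      level: "concern",
      detail: "manifest requests always-on or config-path access",
    });
  }

  const verdict = findings.some((f) => f.level === "concern") ? "suspicious" : "ok";
  return { verdict, findings };
}

console.log(JSON.stringify(auditSkill(SKILL_MD, MANIFEST), null, 2));
```

The check is deliberately asymmetric: a manifest that declares the three keys and carries an install spec clears the credential and install findings, but the global-install instruction still stands on its own, because it executes whatever the registry serves at that moment regardless of what the manifest says.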