Easy-to-use agentic wallets powered by Stripe. Use your existing Stripe/Link to top-up this versatile x402 wallet for any purchases or A2A payments.
Security Analysis
high confidenceThe skill's requests and runtime instructions match its stated purpose (letting an agent make guarded purchases via CreditClaw) and require only a single API key; nothing in the package indicates it is trying to do unrelated or hidden actions.
Name/description (agentic wallets/Stripe-backed payments) align with the declared requirement (CREDITCLAW_API_KEY) and the runtime instructions (curl calls to creditclaw.com endpoints for purchases, check, top-up, checkout, stripe wallet signing). The required credential is the expected one for a payment API.
SKILL.md and companion files explicitly tell the agent to call CreditClaw API endpoints (e.g., /bot/wallet/check, /card-wallet/bot/purchase, /bot/merchant/checkout) and to poll for status, perform variant lookups, and optionally download skill files into ~/.creditclaw/skills/creditcard. Those behaviors are appropriate for a payments/checkout skill, but they do allow the agent to (with a valid API key) initiate real charges and to write these skill files locally. The skill also instructs the agent to search the web for product pages (e.g., extract ASINs) which is within scope for shopping.
No install spec or third-party downloads are included; the skill is instruction-only. The suggested 'install' uses curl to mirror files from creditclaw.com into a local skill directory — this writes documentation locally but does not fetch arbitrary code or run installers. Low install risk.
Only one environment variable (CREDITCLAW_API_KEY) is required and is declared as the primary credential. That is proportionate for a payment/wallet integration. The SKILL.md consistently uses that key only in requests to creditclaw.com and explicitly warns not to send it to other domains.
The skill is not forced-always (always: false) and allows normal autonomous invocation. It does instruct how to store skill files under the user's home (~/.creditclaw/skills/creditcard) but does not request system-wide privileges or modify other skills' configs. This level of persistence is reasonable for an instruction-only payment skill.
Guidance
This skill appears internally consistent with a payments/wallet tool: it needs only a CreditClaw API key and will call creditclaw.com endpoints to check balances, request purchases, and perform checkouts. Before installing or providing the API key, verify that you trust https://creditclaw.com (review their website, terms, and billing policies). Limit the API key's permissions if possible, enable owner approval modes and spending caps, and monitor activity (polling frequency and approval windows are documented). Do not share your key with other skills or domains, and consider using a scoped or revocable API key so you can disable it if you see unexpected charges.
Latest Release
v1.2.3
- Rebranded from "account" to "stripe-wallet" and updated to version 2.3.2. - Expanded documentation with detailed guides for multiple payment rails, including Pre-paid Wallet, Self-Hosted Card, and new Stripe x402 Wallet. - Improved security section highlighting new defense-in-depth measures, stricter API key usage, and real-time spending enforcement. - Clarified end-to-end onboarding flow and included both bot-first and owner-first registration paths. - Added direct links to all payment method guides and shopping tips for easier setup and use.
More by @codejika
CreditClaw Amazon | Order & Checkout at Amazon.com securely
4 stars
ShopClaw | Give your claw shopping tasks with strict controls
4 stars
CreditClaw | Give your agent a wallet or credit card
2 stars
CashClaw | Give your agent a wallet or credit card
1 stars
BTC Bot | Give your agent a wallet or credit card
0 stars
Shop Paper - Give your Claw Agent a credit card
0 stars
Published by @codejika on ClawHub
