
      Safety Report

      BTC Bot | Give your agent a wallet or credit card

      @codejika

      Is your claw a shopaholic? Provide payment wallets and strict controls.

35 downloads · 0 installs · 0 stars · 1 version
Categories: E-Commerce (4,909) · Finance & Accounting (3,023) · Legal & Compliance (2,019)

      Security Analysis

Verdict: Suspicious (risk score 0.12, medium confidence)

The skill's description and its requested credential (CREDITCLAW_API_KEY) match its payment-shopping purpose, but the runtime instructions ask the agent to write files, fetch and execute artifacts (curl, a node decrypt script), spawn sub-agents, and handle encrypted card files, while the skill metadata declares neither the binaries those steps need nor any install step. That set of inconsistencies is worth human review before granting an API key.

Mar 11, 2026 · 7 files · 4 concerns

Purpose & Capability: ok

      Name/description (agent wallet/checkout) align with the declared API base, endpoints, and the single required environment variable CREDITCLAW_API_KEY. The API key is the expected primary credential for a payments integration.

Instruction Scope: concern

      SKILL.md instructs the agent to download skill files via curl, save files under ~/.creditclaw, run sub-agents (sessions_spawn), and execute a decrypt script (node decrypt.js) against encrypted card files. Those actions involve persistent filesystem writes, running code, and handling raw card data. The skill metadata does not declare these operational requirements (curl, node, ability to spawn sessions), and the instructions give the agent broad discretion to save and execute artifacts — increasing the attack surface.

Install Mechanism: note

No install spec (instruction-only): nothing is installed by the registry, which lowers risk on that front, but SKILL.md tells the agent to curl several files from https://creditclaw.com into user paths, which writes to disk if the agent follows the instructions. Those URLs are on the skill's claimed domain (creditclaw.com) rather than an arbitrary shortener, but executing the downloaded script (decrypt.js) still means running external content that was written locally, outside any registry-managed install step.

Credentials: note

      Only CREDITCLAW_API_KEY is required, which is proportionate for a payment integration. However, that single API key grants authority to create checkouts, initiate purchases, request decryption keys, and confirm transactions — effectively enabling monetary actions. The documentation warns not to send the key elsewhere, but granting this key to the skill gives it power to spend (subject to owner guardrails).

Persistence & Privilege: note

always: false (normal). The skill encourages spawning ephemeral sub-agents to handle decryption; the pattern is meant to limit exposure of card data, but it only works if the platform actually provides isolated sub-agent execution. Autonomous invocation is allowed (platform default); combined with the ability to make purchases, this widens the blast radius if approval rules are misconfigured or the agent can be triggered without a human in the loop.

      Guidance

This skill appears to be what it says (a payments/wallet integration), but it asks the agent to download files, save encrypted card files, and run a decrypt script, all of which write to disk and execute code. Before installing it or providing CREDITCLAW_API_KEY:

- Only proceed if you trust https://creditclaw.com and understand the consequences of giving a single API key the authority to initiate purchases. Treat the API key like a payment credential.
- Prefer a scoped, revocable API key (if CreditClaw supports scopes) and test with minimal funds or sandbox keys first.
- Ensure your owner-enforced approval_mode requires human approval for purchases (ask_for_everything) unless you deliberately want automated spending.
- Confirm your environment supports the sub-agent pattern, that sub-agents run in strong isolation, and that they are deleted after checkout. If your platform cannot spawn isolated sub-agents, the instructions say the main agent performs decryption itself, which exposes raw card data in the agent's context and is higher risk.
- Note the metadata omission: the skill assumes tools such as curl and node are available. Make sure they run in a safe environment and do not blindly execute downloaded scripts.
- Monitor activity and webhook notifications for unexpected purchase attempts, and be ready to revoke the API key and freeze the wallet if necessary.

      Latest Release

      v1.0.0

- Initial release of CreditClaw shopping skill.
- Provides secure, controlled payment rails for bots and agents, including encrypted cards and a USDC wallet.
- Introduces strict server-side guardrails: per-transaction limits, approval modes, category blocks, and owner dashboard controls.
- Includes detailed security features such as ephemeral sub-agents, split-knowledge encryption, and real-time activity logging.
- Comprehensive documentation for setup, payment methods, permissions, and security best practices.

More by @codejika

- CreditClaw Amazon | Order & Checkout at Amazon.com securely (4 stars)
- ShopClaw | Give your claw shopping tasks with strict controls (4 stars)
- CreditClaw | Give your agent a wallet or credit card (2 stars)
- CashClaw | Give your agent a wallet or credit card (1 star)
- Shop Paper - Give your Claw Agent a credit card (0 stars)
- Bank Claw | Give your agent a bank account (0 stars)

      Published by @codejika on ClawHub

© 2026 Zappush