Find Cheaper Insurance |

Name/description describe agent shopping and payment rails; the single required env var (CREDITCLAW_API_KEY) and the REST endpoints in the docs are consistent with that purpose. No unrelated credentials or binaries are requested.

The SKILL.md and companion docs instruct the agent to download skill files and to save encrypted card files to local paths (e.g., ~/.creditclaw/cards/). The encrypted card file is described as 'self-contained' and includes a decrypt script that the agent (or an ephemeral sub-agent) is expected to run (node decrypt.js <key> ...). Executing code shipped inside remote-delivered files gives that remote source the ability to run arbitrary code in the agent environment and is the main risk here. While this behaviour is explainable for an encrypted-card flow, it materially expands the agent's runtime permissions and attack surface.

No formal install spec (instruction-only) — lower baseline risk. However, the docs provide curl commands to fetch and save multiple markdown files and instruct saving card files that embed a decrypt script. Downloading and then executing script content from creditclaw.com (even from their domain) is effectively installing remote code and should be treated as a higher-risk action.

Only the CREDITCLAW_API_KEY is required and it's the declared primary credential. That matches the service's API-based design. No extraneous tokens, keys, or unrelated env vars are requested.

always is false and autonomous invocation is allowed (normal). The skill does instruct creating local directories and saving files under user home (e.g., ~/.creditclaw/skills and .creditclaw/cards) and to spawn ephemeral sub-agents; this persistence and code execution is expected for the encrypted-card workflow but increases long-term presence on disk and potential for misuse if those files or flows are compromised.