📦 Authorize.net Agentic Payments - Add agentic cards and wallets to your stack — 技能工具
v1.0.0Authorize.net is a payments provider. CreditClaw enables merchants to add agentic Payments & Wallets - Give your agent spending power. Financial management f...
0· 205·0 当前·0 累计
by 安全扫描
OpenClaw
安全
medium confidenceThe skill's code-free instructions and single required credential (CREDITCLAW_API_KEY) are coherent with a payments/agentic-spending service, but there are naming inconsistencies and important operational risks (handling decrypted card data) you should consider before enabling it.
评估建议
This skill appears to do what it says: manage agent spending via CreditClaw using a single API key. Before installing: (1) Confirm the naming mismatch (Authorize.net vs CreditClaw) with the publisher so you know which service you're trusting. (2) Only provide the CREDITCLAW_API_KEY if you trust creditclaw.com; the key grants the ability to spend on behalf of the agent. (3) Be aware the agent will be instructed to decrypt and use raw card data in-memory — ensure the agent runtime you run this in ...详细分析 ▾
ℹ 用途与能力
The skill's purpose (agentic payments / wallets) aligns with the API endpoints and the single required environment variable (CREDITCLAW_API_KEY). However, the package naming is inconsistent: the top-level name/description references 'Authorize.net' while the SKILL.md, files, and API base clearly point to CreditClaw (creditclaw.com). This naming mismatch could be accidental but is confusing and worth confirming with the publisher.
ℹ 指令范围
Runtime instructions are limited to interacting with creditclaw.com APIs (status, checkout, key retrieval, signing, webhooks). That matches the stated purpose. The SKILL explicitly instructs the agent to fetch a one-time AES-256-GCM decryption key and perform local decryption of owner-supplied encrypted card details, then use those decrypted card details to complete merchant checkouts. This is logically necessary for the described 'My Card' flow but it involves handling PCI-sensitive data in the agent runtime — the file warns to not persist or log secrets, but the agent environment must actually enforce that to be safe.
✓ 安装机制
Instruction-only skill with no install steps or downloads. Nothing is written to disk by the skill package itself, which minimizes installation risk.
✓ 凭证需求
Only one required credential (CREDITCLAW_API_KEY / primaryEnv) is requested, which is proportional to a hosted payments API. No unrelated secrets, config paths, or extra credentials are requested.
✓ 持久化与权限
always:false and no special system-wide modifications are requested. The skill will be usable autonomously by default (normal for skills) but does not request forced/global inclusion or to modify other skills.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/12
- Initial release of the authorize skill for integration with CreditClaw, enabling agent-controlled payments and wallets. - Supports secure card payments with owner approval and USDC x402 wallet via Stripe integration. - Offers storefront and product management for bots to sell digital and physical products. - Enforces strong security: per-transaction approval, encrypted card details, hashed API keys, and strict owner-controlled spending permissions. - Comprehensive documentation for registration, setup, payment rails, security policies, and real-time status checks.
● 可疑
安装命令
点击复制官方npx clawhub@latest install authorize
镜像加速npx clawhub@latest install authorize --registry https://cn.longxiaskill.com