clawcard
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive authentication data from a local file located at `~/.clawcard/.env`. This grants the agent access to the `CLAWCARD_API_KEY` stored on the filesystem.
- [DATA_EXFILTRATION]: The skill provides the agent with access to highly sensitive financial information, including full virtual card numbers (PAN), CVV codes, and expiry dates through the `GET /api/agents/KEY_ID/cards/CARD_ID` endpoint.
- [PROMPT_INJECTION]: The skill introduces a significant surface for indirect prompt injection due to its communication capabilities.
  - Ingestion points: Untrusted data enters the agent context through the `GET /api/agents/KEY_ID/emails` and `GET /api/agents/KEY_ID/sms` endpoints (found in SKILL.md).
  - Boundary markers: Absent. The skill does not provide instructions to the agent on how to delimit or ignore instructions that may be embedded in incoming messages.
  - Capability inventory: The agent possesses high-impact capabilities, including sending arbitrary emails and SMS, managing financial budgets, creating virtual cards, and retrieving secrets from an encrypted vault (found in SKILL.md).
  - Sanitization: Absent. There are no guidelines for the agent to sanitize or validate content received from external sources before it is used in subsequent operations.
Audit Metadata