clawcard

Fail

Audited by Snyk on Mar 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to read and use the CLAWCARD_API_KEY (Bearer header), retrieve and expose full card details (PAN/CVV/expiry) and stored credential values, which requires the model to handle and potentially output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to read inbox emails (GET /api/agents/KEY_ID/emails) and received SMS (GET /api/agents/KEY_ID/sms), which are untrusted, user-generated third-party content the agent will parse and which could contain instructions that materially influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides financial execution capabilities: it issues virtual Mastercard cards (endpoints to create cards with amountCents, specify single_use or merchant_locked), returns full card details including PAN/CVV/expiry (GET /api/agents/KEY_ID/cards/CARD_ID), allows closing/pausing/resuming cards, and has budget controls including an endpoint to allocate budget (POST /api/agents/KEY_ID/budget) which "moves funds from account balance to this key." These are concrete, specific APIs for making payments and managing spend limits (i.e., moving money / enabling purchases), not generic tooling. Therefore it meets the "Direct Financial Execution" criteria.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 16, 2026, 03:09 AM
Issues: 3