ClawAudit verdict

smyx-payment

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Payment skill integrating with Alipay for subscriptions; explicitly prohibits leaking private keys to output and handles sensitive stubs only in memory.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

0
security
90
transparency
70
maintenance

Findings (13)

Pattern match critical

Possible hardcoded credential

references/api-config.md · code · TOKEN="your-bearer-token

Pattern match high

subprocess execution — runs system commands from Python

references/alipay-integration-guide.md · code · subprocess.run(

Pattern match high

subprocess with shell=True — command injection vector

references/alipay-integration-guide.md · code · subprocess.run(cmd, shell=True

Pattern match high

<script> tag in markdown — potential code injection

scripts/create_embed_payment_and_monitor.py · prose · downgraded · <script>

Pattern match high

apt-get install — installs system packages

TOKEN_IMPLEMENTATION.md · code · apt-get install

Pattern match medium

Instructs covert action — may act without user awareness

scripts/create_embed_payment_and_monitor.py · prose · downgraded · silently

Pattern match medium

os.system/popen — direct OS command execution

scripts/demo_alipay_payment.py · prose · downgraded · os.popen(

Pattern match medium

Long base64 string (100+ chars) — likely obfuscated payload

scripts/qr_base64.txt · prose · downgraded · iVBORw0KGgoAAAANSUhEUgAABBoAAAQaAQAAAADFpybyAAAR+ElEQVR4nO2dTY4juRGFHy0BvUwBfYA6

Pattern match medium

HTTP request to bare IP address — common in malicious payloads

skills/smyx_common/scripts/config-dev.yaml · prose · downgraded · http://192.168.1.234

Pattern match low

importlib.import_module — dynamic module loading

scripts/_dynamic_import.py · prose · downgraded · importlib.import_module(

Pattern match low

Python urllib.request — network access

scripts/alipay_integration.py · prose · downgraded · urllib.request

Pattern match low

Python os.environ.get — reads environment variable

scripts/api_key_config.py · prose · downgraded · os.environ.get(

Pattern match low

Python os.getenv — reads environment variable

scripts/package_config.py · prose · downgraded · os.getenv(

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

Is this flag fair?

Check another skill Browse the registry Auditing your own skills or configs? Use the API