Skill Trust Decision

create-payment-credential

A payment-credential skill that declares broad npm/npx (and link-cli) shell permissions and exposes the raw credit card number and CVC, valid for up to 10 minutes; this is an information-disclosure risk.

Install decision first
Source: ClawHub · Scanned: 28 days ago
Files 1
Artifacts 7
Violations 0
Findings 3

Why this conclusion was reached

0/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review
Hidden execution and egress

7 lower-risk artifacts were extracted and still need context.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Review
Dependencies and supply chain hygiene

1 dependency or supply-chain issue needs attention.

What drove the risk score up

Broad allowed-tools declaration +15

Bash(npm:*) and Bash(npx:*) are not restricted to specific commands, so any npm/npx operation can be executed

Sensitive credential exposure +15

SKILL.md explicitly states that it outputs the raw card number and CVC and allows unmasked access during the validity period

No script code to review +10

There are no actual script files, so the behavior of the link-cli binary cannot be verified; the assessment relies on documentation claims alone

Most important evidence

Medium · Sensitive Access
Raw credit card credentials output in plaintext

Step 5 describes outputting the full card number (number), CVC, expiry and other sensitive payment data. Masking is recommended for display, but the raw values are still retrieved and may end up exposed in logs or responses.

SKILL.md:115
Change the flow so that raw values are returned only when the user explicitly requests them, and are not output by default.

Medium · Priv Escalation
npm/npx permission declaration too broad

allowed-tools declares Bash(npm:*) and Bash(npx:*) without restricting them to specific commands; in principle this allows npm install of any package and npm run of any script.

SKILL.md:13
Restrict to Bash(npm:install @stripe/link-cli) or require integration through an MCP server.

Low · Doc Mismatch
Depends on the third-party link-cli binary

The skill's actual capability rests entirely on the link-cli binary, whose behavior cannot be verified by code review; this is a supply-chain trust risk.

SKILL.md:8
Prefer the MCP server integration to reduce the shell-command exposure surface.
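The first finding's recommendation (mask by default, reveal only on explicit request, keep raw values out of logs) as a worked example. This is an added illustration, not code from the skill or from link-cli: the credential shape (number, cvc, exp_month, exp_year, expires_at) and the sample values are constructed assumptions, since the report does not reproduce the real output format.

```python
import json
import re

# Constructed sample credential in an assumed shape (number, cvc, expiry,
# validity deadline). It is NOT the real link-cli output format, which the
# report does not reproduce; the number is the well-known Stripe test PAN.
SAMPLE_CREDENTIAL = {
    "number": "4242424242424242",
    "cvc": "123",
    "exp_month": 12,
    "exp_year": 2030,
    "expires_at": "2025-01-01T00:10:00Z",
}

# 13-19 consecutive digits: the length range of card numbers (PANs).
PAN_RE = re.compile(r"\b\d{13,19}\b")
# A JSON "cvc" field with a 3-4 digit value.
CVC_FIELD_RE = re.compile(r'("cvc"\s*:\s*")\d{3,4}(")')


def mask_pan(number: str) -> str:
    """Keep only the last four digits, e.g. 4242424242424242 -> ************4242."""
    digits = re.sub(r"\D", "", number)
    if len(digits) <= 4:
        return "*" * len(digits)
    return "*" * (len(digits) - 4) + digits[-4:]


def present_credential(cred: dict, reveal: bool = False) -> dict:
    """Build the view returned to the agent or user.

    By default only non-sensitive fields (last4, expiry, validity deadline)
    are returned. The raw number and CVC are included only when the caller
    explicitly sets reveal=True, i.e. the user asked for them.
    """
    view = {
        "last4": cred["number"][-4:],
        "exp_month": cred["exp_month"],
        "exp_year": cred["exp_year"],
        "expires_at": cred["expires_at"],
    }
    if reveal:
        view["number"] = cred["number"]
        view["cvc"] = cred["cvc"]
    return view


def redact_for_log(text: str) -> str:
    """Scrub card-number-like digit runs and cvc fields from anything that is
    about to be written to a log or transcript, even if the raw credential
    was serialized upstream by mistake."""
    text = PAN_RE.sub(lambda m: mask_pan(m.group(0)), text)
    text = CVC_FIELD_RE.sub(r"\1***\2", text)
    return text


if __name__ == "__main__":
    print(json.dumps(present_credential(SAMPLE_CREDENTIAL)))
    print(json.dumps(present_credential(SAMPLE_CREDENTIAL, reveal=True)))
    print(redact_for_log(json.dumps(SAMPLE_CREDENTIAL)))
```

The point of the second layer (redact_for_log) is that the default-masked view alone does not protect the agent transcript: the raw credential is still retrieved, so whatever serializes tool output must also be scrubbed.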

Declared capability vs actual capability

Shell · Pass
Declared WRITE
Inferred WRITE
SKILL.md: allowed-tools declares Bash(link-cli:*), Bash(npx:*), Bash(npm:*)
Filesystem · Pass
Declared NONE
Inferred NONE
SKILL.md: no file read or write declared
Network · Pass
Declared READ
Inferred READ
SKILL.md: describes interacting with Stripe Link servers to obtain credentials
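The "declaration too broad" check behind the second finding and the Shell row above, as an added example (not the scanner's code and not part of the skill). It assumes a SKILL.md frontmatter layout of YAML between "---" lines with an "allowed-tools:" key; the two excerpts are constructed, one mirroring the declaration cited at SKILL.md:13 and one following the report's recommendation. The set of "code-execution" commands is the author's own choice for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed SKILL.md excerpts. The frontmatter layout (YAML between "---"
# lines with an "allowed-tools:" key) is an assumption about the skill file
# format; the real SKILL.md is not reproduced in the report. The first
# matches the declaration cited at SKILL.md:13, the second follows the
# report's recommendation.
WEAK_SKILL_MD = """---
name: create-payment-credential
allowed-tools: Bash(link-cli:*), Bash(npx:*), Bash(npm:*)
---
# create-payment-credential
"""

TIGHT_SKILL_MD = """---
name: create-payment-credential
allowed-tools: Bash(npm:install @stripe/link-cli), Bash(link-cli:*)
---
# create-payment-credential
"""

FRONTMATTER_RE = re.compile(r"\A---\n(.*?)\n---", re.S)
ALLOWED_TOOLS_RE = re.compile(r"^allowed-tools:\s*(.+)$", re.M)
# One tool entry: a tool name optionally followed by a parenthesised pattern.
TOOL_RE = re.compile(r"([A-Za-z_]+)(?:\(([^)]*)\))?")

# Commands for which an unrestricted pattern is equivalent to arbitrary code
# execution: package runners install and run any package, shells and
# interpreters run anything, download tools pull code from the network.
# (Illustrative list chosen for this example.)
CODE_EXEC_CMDS = {"npm", "npx", "pnpm", "yarn", "pip", "pipx",
                  "sh", "bash", "zsh", "node", "python", "python3",
                  "curl", "wget"}


@dataclass
class Finding:
    tool: str
    severity: str  # "high" or "medium"
    reason: str


def parse_allowed_tools(skill_md: str) -> List[str]:
    """Return the allowed-tools entries declared in the frontmatter, if any."""
    fm = FRONTMATTER_RE.match(skill_md)
    if not fm:
        return []
    line = ALLOWED_TOOLS_RE.search(fm.group(1))
    if not line:
        return []
    return [m.group(0) for m in TOOL_RE.finditer(line.group(1))]


def classify(tool: str) -> Optional[Finding]:
    """Flag Bash patterns that let the skill run more than it needs."""
    m = TOOL_RE.fullmatch(tool)
    if not m or m.group(1) != "Bash":
        return None  # non-shell tools are out of scope for this check
    if m.group(2) is None:
        return Finding(tool, "high", "bare Bash allows any shell command")
    cmd, _, args = m.group(2).partition(":")
    args = args.strip()
    if args == "*":
        if cmd in CODE_EXEC_CMDS:
            return Finding(tool, "high", f"unrestricted {cmd} can install or run arbitrary code")
        return Finding(tool, "medium", f"unrestricted arguments for {cmd}")
    if "*" in args:
        return Finding(tool, "medium", f"partial wildcard in arguments for {cmd}")
    return None  # fixed command line, e.g. Bash(npm:install @stripe/link-cli)


def lint(skill_md: str) -> List[Finding]:
    return [f for f in map(classify, parse_allowed_tools(skill_md)) if f]


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_SKILL_MD), ("tight", TIGHT_SKILL_MD)):
        print(label)
        for f in lint(doc):
            print(f"  {f.severity:6} {f.tool}: {f.reason}")
```

Note that the tightened declaration still carries Bash(link-cli:*): pinning npm to a single install command removes the arbitrary-package path, but the link-cli wildcard remains and, as the third finding says, only an MCP-server integration or a review of the binary itself closes that gap.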

Suspicious artifacts and egress

Medium External URL
https://link.com/agents

SKILL.md:16

Medium External URL
https://link.com/download

SKILL.md:154

Medium External URL
https://mpp.dev/protocol.md

SKILL.md:195

Medium External URL
https://mpp.dev/protocol/http-402.md

SKILL.md:195

Medium External URL
https://mpp.dev/protocol/challenges.md

SKILL.md:195

Medium External URL
https://app.link.com

SKILL.md:197

Medium External URL
https://support.link.com/topics/about-link

SKILL.md:198

Dependencies and supply chain

Package             Version   Source   Known vuln   Notes
@stripe/link-cli    *         npm      No           Installed via npm install with no version pin; supply-chain risk

File composition

1 file · 198 lines
Markdown 1 file · 198 lines
Files of concern · 1
SKILL.md Markdown · 198 lines
Raw credit card credentials output in plaintext · npm/npx permission declaration too broad · Depends on the third-party link-cli binary · https://link.com/agents · https://link.com/download · https://mpp.dev/protocol.md · https://mpp.dev/protocol/http-402.md · https://mpp.dev/protocol/challenges.md · https://app.link.com · https://support.link.com/topics/about-link

Security positives

The documentation clearly describes the payment flow and error handling
A test mode (--test) is available for development and debugging
Emphasizes respecting the site's /llm.txt instructions
Warns about phishing risk and requires verifying the merchant domain
Clearly marks the one-time token and its validity-period limit