← Back to Skills Marketplace
316
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ticket
Description
Let your agent shop online with guardrailed wallets, multiple payment methods, and owner approval.
Usage Guidance
The files implement a CreditClaw shopping/wallet API but the skill is labeled 'TicketClaw' in the registry — that's the main red flag. Before installing: 1) Verify the publisher and homepage (does the seller actually operate creditclaw.com or 'TicketClaw'?), 2) Confirm you intended to grant CREDITCLAW_API_KEY to this skill and create a dedicated, limited-funds key/account if possible, 3) Do not run the curl install commands blindly — review downloaded files before saving/executing, 4) Prefer manual, read-only use first (use the documented endpoints from a separate client) to validate behavior, 5) Consider disabling autonomous invocation or restricting the agent's ability to act without explicit owner approval while you verify, and 6) If you can't reconcile the name/metadata mismatch with the vendor, do not install.
Capability Analysis
Type: OpenClaw Skill
Name: ticket
Version: 1.0.0
The skill bundle facilitates automated financial transactions and instructs the agent to perform shell-based file operations (curl) for local installation and configuration. While the documentation in SKILL.md and HEARTBEAT.md emphasizes security measures like server-side guardrails, owner approval modes, and API key protection, the combination of financial spending capabilities and filesystem access via shell commands constitutes high-risk behavior. No evidence of malicious intent, data exfiltration, or deceptive prompt injection was found, but the inherent risks associated with these capabilities align with the 'suspicious' classification criteria. IOC: creditclaw.com.
Capability Assessment
Purpose & Capability
The skill as advertised in the request metadata (TicketClaw — Buy tickets) does not match the actual SKILL.md and other files, which implement 'creditclaw-creditcard' shopping/wallet functionality. The homepage and API base point to creditclaw.com, not a ticket-specific service; this repackaging/rename is an unexplained inconsistency and could indicate sloppy metadata or intentional relabeling.
Instruction Scope
The SKILL.md gives explicit runtime instructions to call creditclaw.com endpoints (expected for a payment agent) and includes optional curl commands to download and save multiple remote files into ~/.creditclaw/skills. Calling the documented endpoints requires the CREDITCLAW_API_KEY (declared). The curl-based 'install' suggestions write remote content to disk — benign for documentation but risky if run blindly because remote content can change. The instructions also explicitly warn not to send the API key to other domains (good).
Install Mechanism
There is no formal install spec and no code files; this is instruction-only (lower code-execution risk). However the SKILL.md suggests downloading multiple files from https://creditclaw.com into the user's home directory via curl. The download URLs are on the service's official domain (not a shortener or IP), which reduces but does not eliminate risk because fetched content could be updated later.
Credentials
The skill requests a single credential (CREDITCLAW_API_KEY) and declares it as the primary credential — this is proportionate for a payment/wallet integration. No unrelated secrets or system config paths are requested.
Persistence & Privilege
The skill does not request always:true and allows normal autonomous invocation. The SKILL.md recommends saving files under ~/.creditclaw/skills which is limited to the user's home but does grant on-disk persistence of remote content; combined with autonomous invocation and a payment API key, this increases potential impact if the remote content or endpoints change maliciously.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ticket - After installation, invoke the skill by name or use
/ticket - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the CreditClaw skill, enabling secure online shopping for agents with owner-controlled wallets and multiple payment methods.
- Supports Pre-paid Wallet (for Amazon, Shopify), Self-Hosted Card (for SaaS and any online store), and Stripe x402 Wallet (for agent-to-agent or x402 payments).
- Comprehensive setup, security guidelines, and payment method guides included.
- Enforces strict security: server-side permission checks, human approval by default, and API key protection.
- Owners have full visibility and control, including spending limits, real-time logs, and the ability to freeze wallets.
Metadata
Frequently Asked Questions
What is TicketClaw - Buy tickets to any event?
Let your agent shop online with guardrailed wallets, multiple payment methods, and owner approval. It is an AI Agent Skill for Claude Code / OpenClaw, with 316 downloads so far.
How do I install TicketClaw - Buy tickets to any event?
Run "/install ticket" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TicketClaw - Buy tickets to any event free?
Yes, TicketClaw - Buy tickets to any event is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does TicketClaw - Buy tickets to any event support?
TicketClaw - Buy tickets to any event is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created TicketClaw - Buy tickets to any event?
It is built and maintained by jononovo (@jononovo); the current version is v1.0.0.
More Skills