📦 Lap Adyen Data Protection Api — 实用工具
v1.0.0数据 Protection API接口 技能. Use when working 使用 Adyen 数据 Protection 用于 requestSubjectErasure. Covers 1 endpoint.
0· 87·1 当前·1 累计
by @mickmicksh 安全扫描
OpenClaw
可疑
medium confidenceThe skill appears to implement a single Adyen Data Protection endpoint and only requests an Adyen API key, but the runtime instructions conflict about authentication (API key vs. Bearer token) and include loose guidance to run external CLI commands — these inconsistencies should be resolved before trusting credentials to the skill.
评估建议
This skill mostly matches its stated purpose (calling Adyen's requestSubjectErasure endpoint) but the documentation is inconsistent about authentication. Before installing or supplying credentials: 1) Confirm whether the API expects an X-API-Key header or a Bearer token and update the skill or your usage accordingly. 2) Prefer using a test/sandbox API key (the base URL is a test host) — do not supply production secrets until the auth method is clarified. 3) Be aware the SKILL.md suggests running...详细分析 ▾
ℹ 用途与能力
Name, description, and declared environment variable (ADYEN_DATA_PROTECTION_API_KEY) align with an Adyen Data Protection API skill for requestSubjectErasure. The base URL is the Adyen test endpoint (ca-test.adyen.com), which is plausible for a test integration.
⚠ 指令范围
SKILL.md instructs only to POST /requestSubjectErasure and to set an Authorization header, but the doc is inconsistent: it lists both "ApiKey X-API-Key in header" and "Set Authorization header with your Bearer token." That conflict means the instructions could cause the agent to send the wrong credential type. The doc also suggests running npx @lap-platform/lapsh commands (external CLI usage) with no install spec or guarantee that lapsh is available.
✓ 安装机制
Instruction-only skill with no install steps or packages — lowest-risk install footprint. However, the instructions reference running npx/lapsh which are not provided by the skill and may fail or lead the agent to attempt installing external tooling.
⚠ 凭证需求
Only a single env var (ADYEN_DATA_PROTECTION_API_KEY) is declared, which is proportionate for an API integration. The concern is that the SKILL.md's auth guidance doesn't clearly map to that env var (X-API-Key header vs Bearer token), so it's unclear what credential you'll actually be giving the agent or how it will be used.
✓ 持久化与权限
Skill is not always-enabled and is user-invocable; it does not request unusual privileges or system config paths. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install lap-adyen-data-protection-api
镜像加速npx clawhub@latest install lap-adyen-data-protection-api --registry https://cn.longxiaskill.com