Pay For Service

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can spend USDC from an authenticated wallet without a mandatory per-request confirmation or spend cap.

Install only if you intend to let the agent make paid x402 API calls from a funded wallet. Before each use, require the agent to show the exact endpoint, method, headers/body/query data, and maximum USDC spend, then get explicit approval. Use --max-amount on every payment and avoid sending secrets or sensitive personal data to unknown endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill is user-invocable and its description broadly matches common requests to call or pay for APIs, which can cause the agent to select it in situations where the user did not clearly consent to spending funds or contacting a third-party endpoint. Because the command performs automatic USDC payment and external network requests, overly broad routing materially increases the chance of unintended paid transactions and data disclosure.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill does not prominently warn that execution will spend USDC and transmit request contents to an external endpoint, despite enabling automatic payment and arbitrary headers/body/query submission. This omission can mislead users or upstream agents into treating it like a normal HTTP tool, creating risk of unauthorized spending, sensitive data exfiltration, and interaction with untrusted services.

VirusTotal

64/64 vendors flagged this skill as clean.
