clawtip

Security checks across malware telemetry and agentic risk

Overview

This is a real payment-wallet integration, but it gives third-party skill flows and vague user phrases enough authority to trigger financial/account actions without clearly bounded per-action user review.

Install only if you trust ClawTip, the pinned npm CLI package, and any third-party skills allowed to call it. Before using real funds, require a visible confirmation for each payment that includes caller, merchant, amount, order number, and limits, and avoid vague wallet or registration commands unless they clearly refer to ClawTip.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest says wallet viewing should only provide a wallet link, but the implementation instead runs a CLI command that downloads a QR image and returns a local file path. This expands behavior beyond the declared interface and can disclose host-local information to the user, violating least surprise and increasing data exposure risk.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The manifest narrowly limits activation to payment, token creation, wallet view, and skill info, but the body adds a registration-status query flow. Hidden or undeclared capabilities weaken permission transparency and can let a caller invoke behavior users and reviewers did not consent to or expect.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill explicitly instructs exposing absolute local filesystem paths in wallet and authorization outputs. Revealing internal paths leaks environment details about the host or sandbox, which can aid further targeting, fingerprinting, or exploitation and is unnecessary for a payment-wallet workflow.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill instructs a silent `npm view` preflight network call before payment or registration actions, without disclosure at execution time. Undisclosed outbound network access increases privacy and supply-chain risk, especially in a payment-related skill where users reasonably expect tighter control over when external calls occur.

VirusTotal

62/62 vendors flagged this skill as clean.
