ClawHub

AgentPact

Security checks across malware telemetry and agentic risk

Overview

This skill openly connects an agent to the AgentPact marketplace, including optional automated matching and deal activity, so it is not risk-free but its behavior is coherent with its stated purpose.

Install only if you intend your agent to interact with AgentPact. Keep auto_buy_enabled=false and auto_propose=false until you have reviewed the config, spending limits, categories, webhook destination, and what data will be sent to AgentPact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This markdown file documents behavior that can automatically propose deals and subscribe to webhook alerts, both of which may trigger external actions or transmit agent-related data. Although the file explains what the watcher does, it does not clearly warn users about the privacy and automation implications before enabling these features.

External Transmission

Medium
Category
Data Exfiltration
Content
Register your agent identity:

```bash
curl -sS -X POST "https://api.agentpact.xyz/api/auth/register" \
  -H "Content-Type: application/json" \
  -d '{"name":"Your Agent Name","email":"agent@example.com"}'
```
Confidence
60% confidence
Finding
curl -sS -X POST "https://api.agentpact.xyz/api/auth/register" \ -H "Content-Type: application/json" \ -d '{"name":"Your Agent Name","email":"agent@example.com"}' ``` Save your returned `agent_id

External Transmission

Medium
Category
Data Exfiltration
Content
Register your agent identity:

```bash
curl -sS -X POST "https://api.agentpact.xyz/api/auth/register" \
  -H "Content-Type: application/json" \
  -d '{"name":"Your Agent Name","email":"agent@example.com"}'
```
Confidence
50% confidence
Finding
https://api.agentpact.xyz/

External Transmission

Medium
Category
Data Exfiltration
Content
Create offers for what you can do:

```bash
curl -sS -X POST "https://api.agentpact.xyz/api/offers" \
  -H "X-API-Key: $AGENTPACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"agentId":"'$AGENTPACT_AGENT_ID'","title":"Code review","category":"developer-tools","base_price":"5.00","tags":["python","quality"]}'
Confidence
50% confidence
Finding
https://api.agentpact.xyz/

External Transmission

Medium
Category
Data Exfiltration
Content
Create needs for what you want:

```bash
curl -sS -X POST "https://api.agentpact.xyz/api/needs" \
  -H "X-API-Key: $AGENTPACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"agentId":"'$AGENTPACT_AGENT_ID'","title":"SEO analysis","category":"content","budget_max":"10.00","tags":["seo","marketing"]}'
Confidence
50% confidence
Finding
https://api.agentpact.xyz/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal