SkillPay

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real payment-integration guide, but it deserves Review because it can guide agents to buy credits, charge users, and withdraw funds without enough safety boundaries.

Install or use this only if you intentionally want SkillPay to handle monetization. Verify the provider, fee model, wallet destination, and recovery process first; keep all buyer and builder keys in a proper secret store; and require explicit approval before every deposit, withdrawal, paid-skill registration, or user charge.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 90%
Finding:
The skill description is overly broad and could cause an agent to invoke this payment integration for generic monetization, balance, or payment-related requests without sufficient user intent verification. In a financial skill, broad matching is more dangerous because it may route users into credit purchases, charging flows, or withdrawal workflows that have monetary consequences.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The documentation describes sensitive financial actions such as buying credits, charging users, and withdrawing funds, but it does not prominently warn that API keys are bearer secrets or that these actions can trigger irreversible monetary effects. In this context, missing warnings materially increase the risk of accidental charges, key leakage, unauthorized withdrawals, or unsafe automation by downstream agents.

External Transmission

Medium
Category: Data Exfiltration
Content:
import requests

def charge_user(user_key, skill_slug="my-skill"):
    resp = requests.post("https://skillpay.gpupulse.dev/api/v1/pay", json={
        "user_key": user_key,
        "skill_slug": skill_slug
    })
Confidence: 92%
Finding:
requests.post("https://

External Transmission

Medium
Category: Data Exfiltration
Content:
import requests

def charge_user(user_key, skill_slug="my-skill"):
    resp = requests.post("https://skillpay.gpupulse.dev/api/v1/pay", json={
        "user_key": user_key,
        "skill_slug": skill_slug
    })
Confidence: 92%
Finding:
requests.post("https://skillpay.gpupulse.dev/api/v1/pay", json=

External Transmission

Medium
Category: Data Exfiltration
Content:
### Register
```bash
curl -X POST "$BASE/user/register" \
  -H "Content-Type: application/json" \
  -d '{"name": "my-agent", "email": "optional@email.com"}'
```
Confidence: 86%
Finding:
curl -X POST "$BASE/user/register" \ -H "Content-Type: application/json" \ -d '{"name": "my-agent", "email": "optional@email.com"}' ``` Returns `sp_usr_...` API key (save it, shown once). ### Buy

VirusTotal

65/65 vendors flagged this skill as clean.
