X402engine

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paid API gateway, but it can automatically spend from a funded wallet on broad everyday requests without built-in per-call confirmation or default spending limits.

Install only if you intend to let this skill spend from a dedicated low-balance wallet. Configure X402_POLICY_PATH with strict per-transaction caps, daily caps, and recipient allowlists before use, keep X402_AUTOPREFLIGHT enabled, and make your agent or workflow require confirmation showing the selected service and estimated cost before any paid call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill can access sensitive environment data and make networked, paid requests using a signing key, but it does not declare explicit permissions. That mismatch weakens user/operator visibility and consent, which is especially dangerous here because the skill can spend funds and route payments to remote recipients based on a fetched service catalog.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README explicitly states that the skill makes paid API calls transparently and that the user 'never sees' x402 payments, while requiring a funded private key for operation. This creates a real risk of undisclosed financial actions on behalf of the user or host agent, especially because the skill spans many external services and can trigger micropayments automatically during normal question answering.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list contains broad natural-language phrases such as crypto queries, web scraping, code execution, and travel searches that could match ordinary conversation and invoke a paid action unintentionally. In this skill, accidental invocation is more dangerous than usual because each invocation may sign blockchain payments and call external services, creating direct financial loss and privacy exposure.

Missing User Warnings

Medium
Confidence: 88%
Finding
The function turns a natural-language user query into a matched service call and executes a paid network request immediately, with no explicit user confirmation at execution time. In a pay-per-call gateway handling external APIs and micropayments, this can cause unintended outbound requests, spending, or data disclosure if the query is ambiguous, manipulated, or triggered indirectly by another agent step.

VirusTotal

64/64 vendors flagged this skill as clean.
