Install Agentpmt Mcp

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent purpose, but it understates that it runs local npm code and persists sensitive AgentPMT credentials in client configuration.

Review before installing. This skill connects agents to paid AgentPMT tools and asks you to install local npm code that will store a bearer token in MCP client configuration. Use a tightly scoped budget key, consider pinning package versions, and verify where your client stores the token before running the automatic setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium, 95% confidence
Finding
The skill claims the STDIO connector 'does not access local files or execute anything on the user's machine,' yet it instructs users to run npm-installed binaries and configures clients to launch `npx`/`agentpmt-router` locally. This is dangerous because it downplays the trust boundary and may cause users to execute unreviewed local code under the false impression that nothing runs on their system.

Intent-Code Divergence

Medium, 91% confidence
Finding
The 'How It Works' section asserts the local connector does not access local files and does not cache credentials beyond the current session, while earlier instructions say the setup tool writes configuration files and stores bearer-token-based configuration in client config files. This inconsistency can mislead users about credential persistence and local file modification, reducing informed consent around secret handling.

VirusTotal

64/64 vendors flagged this skill as clean.
