Security audit

Encrytion Decryption Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate remote cryptography skill, but it can send raw keys, secrets, private keys, and plaintext to AgentPMT without strong enough scoping or consent guidance.

Review before installing. Use this only if you trust AgentPMT to process the exact cryptographic material involved, and avoid sending production private keys, shared secrets, decrypted plaintext, regulated data, or existing credentials unless you have explicit approval and a clear retention/logging policy.

SkillSpector

By NVIDIA
Vulnerability Patterns:
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Description-Behavior Mismatch
Severity: Medium
Confidence: 89%
Finding: The manifest description emphasizes random generation and hashing but omits prominent mention that the skill also performs remote encryption, decryption, HMAC, and private-key signing via hosted tool calls. That understatement can cause an agent or user to route secrets, plaintext, private keys, or tokens to an external service without fully appreciating the sensitivity of the operation.

Description-Behavior Mismatch
Severity: Medium
Confidence: 90%
Finding: The schema documents capabilities beyond the manifest description, specifically encryption and digital signing. This creates a security-relevant mismatch because agents or reviewers may approve or invoke the skill under incomplete assumptions, enabling unexpected cryptographic operations such as signing data with private keys.

Description-Behavior Mismatch
Severity: Medium
Confidence: 93%
Finding: Undisclosed digital signing is particularly sensitive because it allows the skill to process private keys and generate signatures that may authorize transactions, tokens, or attestations. If a user or agent believes the skill only hashes or decrypts data, they may expose signing keys to a capability they did not knowingly approve.

Vague Triggers
Severity: Medium
Confidence: 83%
Finding: The activation keywords are broad phrases such as "access tokens", "decrypt", "value", and "key", which can cause the skill to be selected for many unrelated security-sensitive tasks. In context, this increases the chance that an agent will invoke a remote crypto service with confidential material simply because a prompt mentions generic credential or decryption concepts.

Missing User Warnings
Severity: High
Confidence: 97%
Finding: The description does not clearly warn that tool inputs may be transmitted to a remote hosted service, even though the skill supports decrypt, sign, HMAC, and other operations that commonly involve secrets, plaintext, and private keys. This missing disclosure materially increases the risk of accidental exfiltration of sensitive data to third-party infrastructure.

Missing User Warnings
Severity: Medium
Confidence: 87%
Finding: The decrypt and encrypt schemas require users to provide raw AES keys and IVs but give no warning that these are sensitive secrets that should not be logged, reused improperly, or shared broadly. In an agent setting, omitting such warnings increases the chance that cryptographic material is pasted into prompts, stored in traces, or mishandled by downstream systems.

Missing User Warnings
Severity: High
Confidence: 96%
Finding: The HMAC and signing actions accept secret keys and PEM-encoded private keys without any warning about credential sensitivity, storage, logging, or approval requirements. This is dangerous because these credentials directly protect authenticity and authorization; their exposure could let an attacker forge webhook signatures, tokens, or other trusted messages.

External Transmission
Severity: Medium
Category: Data Exfiltration
Content:
- What AgentPMT is: ../what-is-agentpmt (ClawHub: `what-is-agentpmt`, page: https://clawhub.ai/agentpmt/what-is-agentpmt; skills.sh: `npx skills add AgentPMT/agent-skills --skill what-is-agentpmt`)
- AgentPMT account MCP/REST setup: ../agentpmt-account-mcp-rest-api-setup (ClawHub: `agentpmt-account-mcp-rest-api-setup`, page: https://clawhub.ai/agentpmt/agentpmt-account-mcp-rest-api-setup; skills.sh: `npx skills add AgentPMT/agent-skills --skill agentpmt-account-mcp-rest-api-setup`)
- Marketplace product: https://www.agentpmt.com/marketplace/encrytion-decryption-toolkit
- AgentPMT main MCP server: https://api.agentpmt.com/mcp/
- AgentPMT REST invoke endpoint: https://api.agentpmt.com/products/purchase
Confidence: 92%
Finding: https://api.agentpmt.com/

External Transmission
Severity: Medium
Category: Data Exfiltration
Content:
- AgentPMT account MCP/REST setup: ../agentpmt-account-mcp-rest-api-setup (ClawHub: `agentpmt-account-mcp-rest-api-setup`, page: https://clawhub.ai/agentpmt/agentpmt-account-mcp-rest-api-setup; skills.sh: `npx skills add AgentPMT/agent-skills --skill agentpmt-account-mcp-rest-api-setup`)
- Marketplace product: https://www.agentpmt.com/marketplace/encrytion-decryption-toolkit
- AgentPMT main MCP server: https://api.agentpmt.com/mcp/
- AgentPMT REST invoke endpoint: https://api.agentpmt.com/products/purchase
Confidence: 92%
Finding: https://api.agentpmt.com/

Credential Access
Severity: High
Category: Privilege Escalation
Content:
---
name: encrytion-decryption-toolkit
description: "Encrytion Decryption Toolkit: Cryptographic toolkit: generate secure randoms, compute hashes (MD5, SHA, SHA3). Use when an agent needs encrytion decryption toolkit, generating secure api keys or access tokens for authentication systems, creating unique uuids for database record identifiers, computing file checksums to verify data integrity during transfers, validating webhook payloads by computing and comparing hmac signatures, decrypt, value, key through AgentPMT-hosted remote tool calls."
version: 1.0.0
homepage: https://www.agentpmt.com/marketplace/encrytion-decryption-toolkit
compatibility: "Agent instructions for AgentPMT-hosted remote tool calls. Follow this skill body for supported account, wallet, and setup routes. No local command runtime is declared."
Confidence: 86%
Finding: access tokens

Credential Access
Severity: High
Category: Privilege Escalation
Content:
## When To Use
- Use this skill for `Encrytion Decryption Toolkit` on AgentPMT.
- Use it when an agent needs this specific tool's behavior, schema, inputs, outputs, and invocation shape.
- Search and activation keywords: encrytion decryption toolkit, generating secure api keys or access tokens for authentication systems, creating unique uuids for database record identifiers, computing file checksums to verify data integrity during transfers, validating webhook payloads by computing and comparing hmac signatures, decrypt, value, key.
- Supported action names: `decrypt`, `encrypt`, `generate`, `hash`, `hmac`, `sign`.

## Use Cases
Confidence: 84%
Finding: access tokens

Credential Access
Severity: High
Category: Privilege Escalation
Content:
- Supported action names: `decrypt`, `encrypt`, `generate`, `hash`, `hmac`, `sign`.

## Use Cases
- Generating secure API keys or access tokens for authentication systems
- creating unique UUIDs for database record identifiers
- computing file checksums to verify data integrity during transfers
- validating webhook payloads by computing and comparing HMAC signatures
Confidence: 78%
Finding: access tokens

VirusTotal

62/62 vendors flagged this skill as clean.
