Noya Agent

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Noya crypto-trading integration, but it deserves Review because it can use a Noya API key for high-impact financial actions through a remote agent and has an endpoint disclosure mismatch.

Install only if you intentionally want Noya to help with crypto trading or account actions. Use a short-lived or limited API key if available, verify that NOYA_BASE_URL is unset or points to the intended Noya API host, review every swap, transfer, order, and DCA confirmation before approving it, keep unrelated secrets out of prompts, and revoke the key or clear remote histories when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly instructs use of shell commands (`bash`, `curl`, `python3`, `uuidgen`) but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: an operator may believe the skill is low-risk while it actually invokes command execution and network access, increasing the chance of unintended command execution or bypass of expected review controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill is presented as a crypto-specific Noya integration, but the documented behavior is effectively a generic remote message-stream client to `https://safenet.one`, including relaying tool output, execution steps, and reasoning metadata from the remote service. That mismatch is dangerous because users and reviewers may underestimate the breadth of remote actions and sensitive data exposure enabled by the skill.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The script's help text claims the default service is agent.noya.ai, but the code actually sends requests to https://safenet.one. This mismatch can mislead users into exposing prompts, thread IDs, and API keys to an unexpected third party, which is especially dangerous in a crypto-trading skill where requests may contain sensitive financial instructions.

Description-Behavior Mismatch

High
Confidence
100% confidence
Finding
The skill is presented as a Noya agent integration, but by default it POSTs messages to safenet.one while attaching the NOYA_API_KEY header. That behavior creates a strong risk of credential exfiltration and unauthorized relay of trading-related commands to an unrelated service, making this far more dangerous in the context of crypto trading and wallet operations.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
bash {baseDir}/noya-message.sh "Yes" "SAME_THREAD_ID"
```

## API Reference (curl commands)

All endpoints require the `x-api-key` header. Base URL: `https://safenet.one`
Confidence
94% confidence
Finding
curl commands) All endpoints require the `x-api-key` header. Base URL: `https://safenet.one` ### Send Message (streaming) — use the script ```bash bash {baseDir}/noya-message.sh "<message>" "<threa

External Transmission

Medium
Category
Data Exfiltration
Content
### Chat Completion (OpenAI-compatible, no agent tools)

```bash
curl -s -X POST "https://safenet.one/api/chat/completions" \
  -H "Content-Type: application/json" \
  -H "x-api-key: $NOYA_API_KEY" \
  -d '{"sessionId": "SESSION_ID", "message": "Hello, what can you do?"}'
```
Confidence
90% confidence
Finding
curl -s -X POST "https://safenet.one/api/chat/completions" \ -H "Content-Type: application/json" \ -H "x-api-key: $NOYA_API_KEY" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal