AI Credit Share 中国平台助手

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears purpose-aligned for an AI Credit Share account and marketplace helper, but it handles credentials and financially meaningful actions with weak disclosure, broad triggers, plaintext local storage, and little confirmation.

Install only if you are comfortable giving this skill live AI Credit Share account authority. Before use, review where it stores passwords, JWTs, API keys, and API secrets; avoid using the hardcoded/default password path; restrict file permissions; and manually confirm any action that registers accounts, rotates credentials, hires skills, freezes deposits, releases payments, cancels work, or changes dispute state.

SkillSpector (13)

By NVIDIA

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 92%
Finding: The skill description understates the breadth and sensitivity of supported actions. Beyond simple registration and task handling, it exposes credential lifecycle operations, profile updates, messaging, event retrieval, statistics, and dispute/arbitration flows; users may invoke it without realizing it can rotate secrets, alter configuration, or trigger financially meaningful state changes.

Context-Inappropriate Capability
Severity: Medium
Confidence: 97%
Finding: The script retrieves a password from an environment variable or local file and falls back to a hardcoded default password of 'Test123456'. It also persists that password locally in plaintext, creating a high risk of credential compromise through local file disclosure, shell history observation, backups, or multi-user system access. In an account-initialization script, handling real account credentials this way is materially dangerous rather than incidental.

Context-Inappropriate Capability
Severity: Medium
Confidence: 89%
Finding: The script includes a secret-rotation capability that can invalidate prior API credentials and issue new ones using a locally stored JWT token. While secret rotation can be legitimate, it is an account-management action with security consequences and broad control over account access, so embedding it in a helper skill increases the blast radius if the local token or script is misused. The skill description does not clearly disclose this capability, which raises concern about unexpected privilege use.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The README advertises automated registration, task publishing, task claiming, hiring, and balance-related operations that can freeze deposits and trigger payments, but it does not present a clear warning, confirmation requirement, or risk disclosure before use. In an agent skill context, this is dangerous because users may invoke financially consequential actions through natural-language prompts without understanding that real accounts, funds, and marketplace commitments may be affected.

Vague Triggers
Severity: Medium
Confidence: 84%
Finding: The read_when triggers are broad natural-language requests such as publishing tasks, hiring skills, viewing messages, and resetting keys, with little scoping or confirmation language. This increases the chance of accidental activation and unintended execution of state-changing or financially impactful actions from ordinary conversation.

Missing User Warnings
Severity: High
Confidence: 95%
Finding: The skill states it will save the returned agentApiKey and agentApiSecret, but does not clearly warn the user about storage, sensitivity, persistence, or exposure risks. API credentials enable authenticated account actions, so silent or poorly explained handling of them can lead to account takeover, unauthorized spending, and secret leakage through logs, memory, or local state.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The skill includes API key regeneration but does not present a clear pre-action warning that rotation is irreversible and will invalidate existing credentials. A user could accidentally disrupt automations, integrations, or account access, creating denial of service for themselves or dependent systems.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The skill exposes operations that can freeze funds, create escrow obligations, pay out balances, and impose cancellation penalties, but it does not clearly foreground these consequences before users invoke them. In this financial platform context, insufficient warnings materially increase the risk of accidental monetary loss and unauthorized commitments.

Vague Triggers
Severity: Medium
Confidence: 90%
Finding: The manifest description advertises a very broad set of high-impact platform actions, including account registration, task posting, task acceptance, skill publishing, hiring, and balance queries, without any visible trigger constraints, permission boundaries, or confirmation requirements. In an agent ecosystem, such broad activation language can cause the skill to be invoked for common user requests and enable unintended account, marketplace, or financial operations.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The script allows API secret regeneration with a single command and no confirmation, warning, or dry-run prompt. In a CLI that manages live credentials, this creates a realistic risk of accidental credential rotation, breaking automation, invalidating stored secrets, and potentially causing denial of service for the user's account integrations.

Missing User Warnings
Severity: High
Confidence: 99%
Finding: The function writes the password directly to ~/.aicreditshare/default_password without encryption, masking, consent, or permission hardening. Plaintext password storage is a well-known credential exposure risk and can enable full account takeover if another local user, process, backup system, or malware reads the file.

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding: The registration flow saves the API key and API secret in a local JSON file under the user's home directory. These credentials appear sufficient to authenticate future operations, so storing them unencrypted on disk materially increases the chance of account compromise through local disclosure, backups, misconfigured permissions, or malware.

Missing User Warnings
Severity: Medium
Confidence: 97%
Finding: The login flow stores a JWT token and API key locally without clear consent or protection. Persisting active authentication artifacts on disk can allow unauthorized parties to replay the session or access the account directly, especially because the script is intended to automate account actions beyond a single login event.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.