AI Credit Share Platform Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill matches its platform-automation purpose, but it can make wallet-affecting account changes and stores sensitive credentials with weak user controls.

Install only if you intend to give this skill authenticated control over an AI Credit Share account. Avoid the default password, treat ~/.aicreditshare/config.json and ~/.aicreditshare/default_password as secrets, restrict their permissions, and require explicit review before posting tasks, hiring skills, accepting deliverables, cancelling work, sending messages, changing webhooks, or regenerating credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding
The skill description presents a narrower purpose than the behavior documented in the file, which also covers sensitive operations such as credential handling, messaging, webhook/profile updates, API secret regeneration, and dispute or arbitration flows. This mismatch can cause users or orchestrators to authorize the skill under false assumptions, increasing the risk of unintended account changes, secret rotation, data exposure, or disruptive platform actions.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The script retrieves a password from an environment variable or local file, falls back to a hard-coded default password, and then persists that password locally for reuse. This creates credential exposure and account compromise risk, especially because the file is stored in the user's home directory without permissions hardening and the password may be echoed later during login or registration.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The secret-regeneration capability is security-sensitive because it can invalidate existing credentials and replace them with new ones, potentially disrupting operations or enabling account takeover workflows if the local token is stolen. While the feature may be legitimate for account management, it expands the blast radius of compromise beyond the stated initialization purpose.

Vague Triggers

Medium
Confidence: 91%
Finding
The example trigger phrases are broad natural-language requests like 'Help me register' or 'Check my balance', which can plausibly overlap with ordinary user conversation and cause the assistant to invoke this skill unintentionally. In this skill, accidental invocation is more dangerous than usual because the documented actions include account registration, task acceptance, and financial operations, so misfires could lead to unintended state changes or monetary consequences.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README advertises actions like posting tasks with a frozen 10% deposit, accepting deliverables and paying 95%, hiring skills, and accepting tasks without prominently warning that these are financially consequential and may be irreversible. Because the skill operates in a marketplace context with wallet balances and payment flows, users may trigger real financial commitments without informed consent, increasing the likelihood of accidental loss or dispute.

Vague Triggers

Medium
Confidence: 91%
Finding
The read_when triggers are broad, action-oriented phrases that closely match common user requests, making accidental activation more likely. In this skill's context, unintended activation is riskier than usual because the skill can perform state-changing financial/account operations such as posting tasks, hiring skills, resetting keys, and updating notification settings.

Missing User Warnings

Medium
Confidence: 95%
Finding
The registration flow explicitly says the skill will save returned agentApiKey and agentApiSecret, but it provides no clear warning about secure handling, storage location, retention, or exposure risks. Because these credentials authorize account actions over the platform API, insecure or undisclosed storage could enable account takeover, unauthorized transactions, or persistent access by other local processes/users.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill advertises API key reset/regeneration without clearly foregrounding that existing credentials will be invalidated and dependent automations may break. In this context, accidental or surprise secret rotation can create denial-of-service conditions for legitimate workflows and lock users out of existing integrations until reconfigured.

Vague Triggers

Medium
Confidence: 85%
Finding
The manifest description promises broad autonomous actions such as registering accounts, posting tasks, accepting tasks, publishing skills, hiring skills, and checking balances without stating specific trigger boundaries or user-confirmation requirements. This can cause the agent to activate in overly permissive contexts and perform sensitive platform actions unexpectedly, increasing the risk of unauthorized transactions or unintended account changes.

Missing User Warnings

High
Confidence: 92%
Finding
The script exposes a destructive account operation that regenerates the API secret immediately with no confirmation prompt, dry-run, or warning about consequences. A user, wrapper, or automated agent can accidentally invalidate existing integrations and lock out dependent workflows, causing denial of service for the account.
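The findings on secret regeneration, posting tasks with a frozen deposit, accepting deliverables, hiring skills, and the other wallet-affecting actions all ask for the same missing control: a confirmation step and a dry run before anything irreversible happens. The block below is an added example written for this report, not the skill's own code. The action names and their effects are taken from the findings; the gating rule (a typed confirmation that must restate the action name, or a dry run that returns the plan without calling the platform) and the FakeClient stand-in are this example's own assumptions.

```python
"""Confirmation gate for the skill's destructive and financial actions.

Added example, not the skill's own code. The action names and their effects
come from the report; the gating rule (a typed confirmation that restates the
action, or a dry run) and FakeClient are this example's own.
"""
from dataclasses import dataclass, field

# Actions that change wallet state or invalidate credentials, with the effect a
# caller must acknowledge before they run.
CONSEQUENTIAL = {
    "regenerate_secret": "invalidates the current agentApiSecret; dependent integrations break",
    "post_task": "freezes a 10% deposit from the wallet",
    "accept_deliverable": "pays out 95% of the task value and cannot be undone",
    "hire_skill": "commits wallet funds to another agent",
    "cancel_task": "may forfeit the deposit or open a dispute",
    "update_webhook": "redirects platform notifications to a new endpoint",
}


class ConfirmationRequired(Exception):
    """The action was requested without the matching typed confirmation."""


@dataclass
class FakeClient:
    """Constructed stand-in for the platform API; records calls instead of making them."""
    calls: list = field(default_factory=list)
    secret: str = "old-secret"

    def get_balance(self):
        self.calls.append("get_balance")
        return 100

    def regenerate_secret(self):
        self.calls.append("regenerate_secret")
        self.secret = "new-secret"
        return self.secret

    def accept_deliverable(self, task_id):
        self.calls.append(f"accept_deliverable:{task_id}")
        return {"task": task_id, "paid_pct": 95}


def run_action(client, action, *, confirm=None, dry_run=False, **params):
    """Dispatch `action` on `client`.

    Read-only actions run directly. Consequential ones return a plan when
    dry_run is set, and otherwise run only if `confirm` equals the action
    name: a bare True (which an agent can emit by habit) is rejected, so the
    caller has to restate what it is about to do.
    """
    method = getattr(client, action, None)
    if method is None:
        raise ValueError(f"unknown action {action!r}")
    if action in CONSEQUENTIAL:
        effect = CONSEQUENTIAL[action]
        if dry_run:
            return {"dry_run": True, "action": action, "params": params, "effect": effect}
        if confirm != action:
            raise ConfirmationRequired(
                f"{action}: {effect}. Re-run with confirm={action!r} to proceed."
            )
    return method(**params)
```

The typed-confirmation rule is the point: an orchestrator that passes `confirm=True` to every call gets nothing, because the token has to name the action it is authorizing. The dry run gives the user the effect text and parameters to review before the real call, which is what the findings say the script currently lacks.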

Missing User Warnings

High
Confidence: 98%
Finding
The script persists passwords and API credentials to local files without explicit informed consent and without setting restrictive permissions. Local malware, other users on a shared system, backups, or accidental disclosure can expose these secrets and allow unauthorized access to the remote platform.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script silently sources a password from an environment variable or local file, which can lead to unintended account actions under stale or shared credentials and increases accidental secret exposure. In this script, the risk is compounded because that password is later displayed to the terminal and reused automatically.
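The credential findings above (the hard-coded default password fallback, credentials persisted under the home directory without permission hardening, and the password being echoed to the terminal) share one fix. The block below is an added example written for this report, not the skill's own code. It assumes the script is Python and that the password environment variable is named AICREDITSHARE_PASSWORD; both are assumptions. The file names config.json and default_password are the ones the report mentions.

```python
"""Hardened credential handling for a skill that keeps secrets under ~/.aicreditshare.

Added example, not the skill's own code. Assumptions: the script is Python, the
password environment variable is AICREDITSHARE_PASSWORD, and the file names
match the report (config.json and default_password).
"""
import json
import os
import stat
import tempfile
from pathlib import Path

ENV_PASSWORD = "AICREDITSHARE_PASSWORD"  # assumed variable name


class CredentialError(Exception):
    """Raised instead of silently falling back to a built-in password."""


def check_secret_file(path):
    """Return the file mode, raising if group or other can read or write it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise CredentialError(f"{path} has mode {mode:04o}; expected 0600")
    return mode


def load_password(env=None, password_file=None):
    """Take the password from the environment or a 0600 file; never default it."""
    env = os.environ if env is None else env
    value = env.get(ENV_PASSWORD)
    if value:
        return value
    if password_file is not None and Path(password_file).is_file():
        check_secret_file(password_file)  # a 0644 password file is not trusted
        value = Path(password_file).read_text(encoding="utf-8").strip()
        if value:
            return value
    raise CredentialError(
        f"no password in ${ENV_PASSWORD} or {password_file}; refusing to use a default"
    )


def write_secret_file(path, data):
    """Write `data` atomically with mode 0600 inside a 0700 directory."""
    path = Path(path)
    path.parent.mkdir(parents=True, exist_ok=True)
    os.chmod(path.parent, 0o700)
    # mkstemp creates the temp file 0600 regardless of umask; os.replace is atomic,
    # so a crash never leaves a partially written or world-readable file behind.
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(data)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return path


def save_credentials(config_path, agent_api_key, agent_api_secret):
    """Persist the registration response's API key and secret, owner-only."""
    payload = json.dumps(
        {"agentApiKey": agent_api_key, "agentApiSecret": agent_api_secret}, indent=2
    )
    write_secret_file(config_path, payload + "\n")
    return check_secret_file(config_path)


def redact(secret):
    """What to show on the terminal instead of the secret itself."""
    if len(secret) <= 4:
        return "****"
    return secret[:2] + "*" * (len(secret) - 4) + secret[-2:]
```

Three behaviours differ from what the findings describe: the loader raises when no password was supplied instead of substituting a default, a pre-existing password file with permissive mode is rejected rather than silently trusted, and anything printed about a credential goes through redact() so the value never lands in terminal scrollback or logs. The mode checks are POSIX semantics; on Windows they report nothing useful and ACLs would have to be checked instead.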

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal