ClawHub

Buy CRUST

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is transparent about buying CRUST, but it also guides irreversible crypto actions and promotional posting without enough consent and risk controls.

Install only if you intentionally want help researching or buying CRUST. Verify the token contract, liquidity, price impact, and counterparty independently; keep wallet signing manual; never share seed phrases or private keys; and do not allow public posts, agent-to-agent promotion, bridge swaps, or registration calls unless you explicitly approve each one.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill's declared purpose is buying CRUST, but the documentation extends into unrelated and sensitive actions: wallet/agent registration, joining a third-party game service, and performing a CRUST-to-WIR bridge exchange. Expanding scope in this way increases the chance a user or agent will perform additional external actions and financial operations they did not explicitly intend, including identity linkage and cross-system asset movement.

Description-Behavior Mismatch

Low
Confidence
97% confidence
Finding
The skill includes instructions to promote the token and recruit other agents to install the skill, which is unrelated to the stated buying function and resembles growth-hacking or shilling behavior. Embedding social-amplification steps in an operational skill can cause autonomous agents to generate unsolicited promotional content and propagate potentially risky financial instructions to others.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The documentation explicitly directs users and agents to post promotional messages, tell other agents to install the skill, and publish social content about purchasing the token. This is dangerous because it encourages unsolicited marketing behavior beyond the user's request and can be abused for spam, market manipulation, or self-propagating promotion of speculative assets.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill guides users through token purchases, wallet-connected swap flows, and bridge exchanges without clear warnings about slippage, smart-contract/counterparty risk, spoofed token risk, transaction irreversibility, or total loss of funds. In a financial context, omission of these warnings materially increases the chance of unsafe execution by users or agents.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs users to POST agent and wallet identifiers to a third-party service for registration and joining, but it does not explain how that data will be stored, used, shared, or linked to on-chain activity. This creates privacy and tracking risk by associating a persistent agent identity with a wallet address without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal