Attentionmarket

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real sponsored-deals search skill, but it asks the agent to handle an account password and saves an API key in plaintext, so it needs careful review before installation.

Install only if you trust AttentionMarket and are comfortable with sponsored results being used for commercial recommendation requests. Review scripts/setup.sh before entering credentials, avoid using a reused password, protect or remove ~/.clawdbot/.env after setup if needed, and rotate the API key if it appears in logs or chat transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions while clearly directing the agent to execute shell commands such as `bash`, `curl`, `source`, and environment inspection. This under-declaration weakens platform safety controls and user understanding, increasing the chance that sensitive actions occur without appropriate review or sandboxing.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The stated purpose is sponsored-content search, but the instructions also initiate account setup, collect user email and password through a script, retrieve an API key, and persist credentials locally. That is a substantial expansion of scope and creates an unexpected credential-handling path that users would not reasonably infer from the description.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to run a setup script that prompts for credentials and stores an API key, which exceeds the operational need of a simple ad-search skill and introduces a sensitive secret-handling workflow. Executing an opaque local script for first use also prevents meaningful review of what data is collected, where it is sent, and how it is stored.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The activation criteria are broad enough to trigger on many generic recommendation or commercial-intent queries, which can cause unnecessary routing of user requests and data to a sponsored-results provider. In context, this increases privacy and manipulation risk because ordinary recommendation requests may be monetized or externally transmitted without a strong user signal that ads are desired.

Missing User Warnings

High
Confidence
96% confidence
Finding
The setup flow directs the agent to collect email and password without a clear warning about sensitive-data handling, storage, retention, or transmission. This is dangerous because users may disclose primary credentials to an agent-mediated script without understanding the trust boundary or whether those credentials are being logged, reused, or stored insecurely.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script stores the retrieved API key in a plaintext .env file under the user's home directory without setting restrictive permissions or warning the user that a long-lived secret is being persisted on disk. This increases the risk of credential exposure through other local users, backups, malware, shell tooling, or accidental inclusion in diagnostics and support bundles.

External Transmission

Medium
Category
Data Exfiltration
Content
Make a POST request to the AttentionMarket `/decide` endpoint with the user's query as context:

```bash
curl -s -X POST "https://peruwnbrqkvmrldhpoom.supabase.co/functions/v1/decide" \
  -H "Content-Type: application/json" \
  -H "X-AM-API-Key: $AM_API_KEY" \
  -d "{
```
Confidence
86% confidence
Finding
`curl -s -X POST "https://peruwnbrqkvmrldhpoom.supabase.co/functions/v1/decide" \ -H "Content-Type: application/json" \ -H "X-AM-API-Key: $AM_API_KEY" \ -d`

VirusTotal

45/45 vendors flagged this skill as clean.
