Cost Governor

Security checks across malware telemetry and agentic risk

Overview

The skill has a real cost-tracking purpose, but it encourages agents to spend from funded wallets without enough human approval, spending limits, or reviewed implementation code.

Read this carefully before installing. Do not give an agent an unrestricted funded wallet. Use a separate low-balance wallet, require explicit approval for each payment or renewal, confirm how to disable hooks and circuit breakers, and review the actual npm package/source code before running setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README explicitly markets autonomous agent payments and frames them as a feature, but it does not present a clear, prominent warning that enabling payment behavior can trigger real financial charges. In an agent skill context, normalizing autonomous spending increases the risk that users or downstream agents enable paid actions without informed consent, budget caps, or approval controls.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The statement 'No human approval needed' is especially dangerous because it encourages bypassing human authorization for real-money transactions. In the context of an agent skill that advertises self-funding subscriptions, this materially raises the likelihood of unauthorized or unintended charges and weakens user expectations around consent and oversight.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The skill advertises automatic hook-based tracking of every API call without clearly constraining when the hooks run, what they can access, or how users opt in. Broad automatic invocation increases the chance that the skill activates in unexpected contexts and processes sensitive usage metadata or influences agent behavior without explicit user awareness.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill markets autonomous agent payments as a feature and frames self-payment as economically rational, but it does not prominently require prior user authorization, spending caps, or wallet-scoping controls. In an agent setting, this can normalize discretionary fund transfers by software acting on persuasive text rather than explicit human approval, creating real financial loss risk.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The human-operator guidance explicitly tells users to give the agent access to a funded wallet so it can pay autonomously, while only later noting weak payment verification. Encouraging direct wallet access without strong warnings about least privilege, approval flows, and fraud risks materially increases the likelihood of unauthorized or irreversible transfers.

VirusTotal

52/52 vendors flagged this skill as clean.
