Zynd Agent Network

Security checks across malware telemetry and agentic risk

Overview

This skill’s networking and payment features fit its purpose, but it exposes unauthenticated webhook data and handles payment/identity secrets too loosely for automatic approval.

Install only if you are comfortable managing a network-facing webhook and payment-capable agent identity. Bind the webhook to localhost or protect it behind authentication and TLS, remove or restrict the message-history endpoint, avoid sending secrets in prompts, keep API keys and seeds out of source control, restrict config-file permissions, and use paid calls only with explicit destination checks and spend limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The /messages endpoint exposes previously received agent messages, timestamps, and source IPs to any unauthenticated caller. In this skill’s context, webhook traffic may contain sensitive agent-to-agent task data, so exposing message history materially increases confidentiality risk beyond the server’s stated receive-only purpose.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The README explicitly promotes receiving incoming requests via webhook but does not warn users that exposing a webhook can make the agent reachable by untrusted third parties, potentially leading to unsolicited requests, prompt injection through inbound messages, data leakage, or abuse of local/network resources. In this skill context, the risk is more significant because the feature is core to multi-agent communication and may encourage users to open a network listener without understanding authentication, firewall, and privacy implications.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The README instructs users to place the API key in config files and environment variables but gives no guidance on secret handling, file permissions, redaction, or avoiding accidental commits/logging. This can lead to credential exposure, which in this skill could allow unauthorized use of the Zynd account and associated network/payment actions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The README advertises automatic x402 micropayments and paid agent calls without clearly warning that using the skill may incur real charges. In this context, that omission is security-relevant because agents may autonomously call third-party services, creating financial risk, unexpected spend, or abuse if prompts or remote agents trigger paid actions.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The workflow encourages sending user-provided tasks to third-party agent webhooks and optionally making x402 micropayments, but it does not present this as a prominent safety warning or require explicit user confirmation. This can lead to sensitive prompt contents being disclosed to unknown external parties and to unintended financial charges when `--pay` is used.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The API reference shows response fields containing DID credentials and a base64-encoded seed, which are highly sensitive identity and wallet-derived materials, but it does not explicitly warn users not to expose, log, commit, or share them. In this skill's context, that omission is more dangerous because the platform enables agent identity creation and x402 payments, so mishandling the seed could enable impersonation, credential misuse, or payment account compromise.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The webhook examples transmit message content, sender identifiers, sender DID credentials, conversation linkage, and timestamps without any privacy guidance, minimization advice, or warning against sending secrets in prompts. In a multi-agent network skill, this increases the risk of sensitive prompt data, identity metadata, and cross-agent task contents being disclosed to third-party agents or retained in logs and webhook infrastructure.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The script loads a long-lived secret seed from local config and uses it directly to authorize x402 payment operations against a user-supplied webhook. Because the destination is externally controlled and there is no confirmation, allowlist, or strong validation around where payment-capable requests are sent, a user can be tricked into spending funds or exposing sensitive signing material to a broader attack path if the SDK or endpoint interaction is compromised.
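The payment findings above (unguided seed handling, undisclosed charges, no confirmation before `--pay`, and a user-supplied destination with no allowlist) come down to one missing gate in front of the paid call. The following is an added example written for this page, not code from the Zynd skill or its SDK: the seed is read only from an owner-only (mode 0600) regular file and never logged in full; a paid call must go to an https URL whose host is on an explicit allowlist; every call is bounded by a per-call cap and a running budget; and a confirmation callback must approve the spend before it is counted. The config path, the `PaymentPolicy` field names, the callback shape and the constructed seed value are assumptions; amounts are integer cents to avoid float drift.

```python
"""
Added example (not Zynd skill or SDK code): checks to run before an x402-paid
agent call. Field names, paths and the confirm() callback are assumptions.
"""
import os
import stat
import tempfile
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class PaymentPolicy:
    allowed_hosts: frozenset     # exact hostnames that may receive paid calls
    max_per_call_cents: int      # hard cap on any single payment
    budget_cents: int            # cumulative cap for this session/day
    spent_cents: int = 0


def load_seed(path: str) -> str:
    """Return the seed only from a regular file readable by its owner alone."""
    st = os.lstat(path)                      # lstat: do not follow a planted symlink
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path} is not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is group/world accessible; chmod 600 it")
    with open(path, encoding="utf-8") as f:
        return f.read().strip()


def redact(secret: str) -> str:
    """Safe form for logs: a short prefix and the length, never the value."""
    return f"{secret[:4]}...({len(secret)} chars)"


def check_destination(url: str, policy: PaymentPolicy):
    """Only https and only hosts the operator explicitly allowed."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "paid calls must use https"
    if parts.hostname not in policy.allowed_hosts:
        return False, f"{parts.hostname} is not an allowed payment destination"
    return True, "ok"


def authorize_payment(url: str, amount_cents: int, policy: PaymentPolicy, confirm):
    """Decide whether a paid call may go out; confirm(url, cents) -> bool stands
    in for an explicit user prompt. Spend is counted only once approved."""
    ok, reason = check_destination(url, policy)
    if not ok:
        return False, reason
    if amount_cents <= 0 or amount_cents > policy.max_per_call_cents:
        return False, f"{amount_cents}c exceeds per-call cap {policy.max_per_call_cents}c"
    if policy.spent_cents + amount_cents > policy.budget_cents:
        return False, "budget exhausted"
    if not confirm(url, amount_cents):
        return False, "declined by user"
    policy.spent_cents += amount_cents
    return True, "approved"


def demo() -> dict:
    """Exercise the gate on constructed inputs and return every decision."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        strict = os.path.join(d, "zynd-strict.json")   # hypothetical config paths
        loose = os.path.join(d, "zynd-loose.json")
        for p in (strict, loose):
            fd = os.open(p, os.O_WRONLY | os.O_CREAT, 0o600)
            os.write(fd, b"c2VlZC1mcm9tLWNvbmZpZw==\n")   # constructed base64 seed
            os.close(fd)
        os.chmod(loose, 0o644)                            # the mistake to catch
        out["seed_redacted"] = redact(load_seed(strict))
        try:
            load_seed(loose)
            out["loose_refused"] = False
        except PermissionError:
            out["loose_refused"] = True
    policy = PaymentPolicy(frozenset({"agent.example.com"}), 10, 20)
    yes = lambda url, cents: True
    good = "https://agent.example.com/webhook"
    out["allowed"] = authorize_payment(good, 5, policy, yes)[0]
    out["unknown_host"] = authorize_payment("https://evil.example.net/webhook", 5, policy, yes)[1]
    out["plain_http"] = authorize_payment("http://agent.example.com/webhook", 5, policy, yes)[1]
    out["over_cap"] = authorize_payment(good, 50, policy, yes)[1]
    out["declined"] = authorize_payment(good, 5, policy, lambda u, c: False)[1]
    out["second_ok"] = authorize_payment(good, 10, policy, yes)[0]    # 5 + 10 <= 20
    out["budget"] = authorize_payment(good, 10, policy, yes)[1]       # 15 + 10 > 20
    out["spent_cents"] = policy.spent_cents
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The order of checks matters: destination and amount are validated before the user is asked, so a prompt-injected "pay this host" never reaches a confirmation dialog for a host outside the allowlist, and the seed is only opened once the file's mode has been checked with `lstat`.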

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The server prints full incoming message contents and metadata to stdout, and the file also exposes stored messages through a public endpoint. In an agent-network setting, messages may contain prompts, task results, identifiers, or other sensitive operational data, so this creates unnecessary disclosure risk to local logs and remote readers.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
Binding the Flask server to 0.0.0.0 exposes it on all network interfaces, making the webhook reachable from other hosts by default. Because the service accepts unauthenticated agent messages and also includes auxiliary endpoints, this increases the attack surface and makes accidental exposure much more dangerous in real deployments.
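The three server findings above (the unauthenticated /messages listing, full-payload logging to stdout, and the 0.0.0.0 bind) share one fix. The following is an added example written for this page, not code from the Zynd skill: a receive-only webhook on the standard library's `http.server` that binds loopback unless explicitly overridden, authenticates each POST with an HMAC over a timestamp and the body (a shared-secret scheme assumed here, not a documented Zynd feature), refuses stale signatures to blunt replay, has no history endpoint at all, and logs only a redacted summary of each message. The header names, the JSON field names and the `/webhook` path are assumptions.

```python
"""
Added example (not Zynd skill code): a hardened receive-only webhook.
Signature scheme, header names and JSON field names are assumptions.
"""
import hashlib
import hmac
import json
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

SIGNATURE_HEADER = "X-Webhook-Signature"   # assumed header names
TIMESTAMP_HEADER = "X-Webhook-Timestamp"
MAX_SKEW_SECONDS = 300                     # replay window
MAX_BODY_BYTES = 64 * 1024                 # refuse oversized payloads


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """HMAC-SHA256 over "<timestamp>.<body>" so the timestamp is bound to the body."""
    return hmac.new(secret, timestamp.encode() + b"." + body, hashlib.sha256).hexdigest()


def verify(secret: bytes, headers, body: bytes, now: float):
    """Return (ok, reason): freshness check, then constant-time signature compare."""
    ts = headers.get(TIMESTAMP_HEADER)
    sig = headers.get(SIGNATURE_HEADER)
    if ts is None or sig is None:
        return False, "missing signature headers"
    try:
        ts_val = int(ts)
    except ValueError:
        return False, "bad timestamp"
    if abs(now - ts_val) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    if not hmac.compare_digest(sign(secret, ts, body), sig):
        return False, "bad signature"
    return True, "ok"


def redacted_log_line(message: dict) -> str:
    """Log who sent something and how big it was, never the content itself."""
    sender = str(message.get("sender_did", "?"))
    content = str(message.get("content", ""))
    digest = hashlib.sha256(content.encode()).hexdigest()[:12]
    return f"msg from {sender[:12]}... len={len(content)} sha256={digest}"


def check_bind_address(host: str, allow_public: bool = False) -> str:
    """Refuse wildcard binds unless the operator opts in explicitly."""
    if host in ("0.0.0.0", "::", "") and not allow_public:
        raise ValueError(f"refusing to bind {host!r}; use allow_public=True only behind TLS and auth")
    return host


class WebhookHandler(BaseHTTPRequestHandler):
    secret = b""   # set by make_server

    def do_POST(self):
        if self.path != "/webhook":          # no /messages listing endpoint exists
            return self._reply(404, "not found")
        length = int(self.headers.get("Content-Length", 0))
        if length > MAX_BODY_BYTES:
            return self._reply(413, "payload too large")
        body = self.rfile.read(length)
        ok, reason = verify(self.secret, self.headers, body, time.time())
        if not ok:
            return self._reply(401, reason)
        try:
            message = json.loads(body)
        except ValueError:
            return self._reply(400, "invalid json")
        self.log_message("%s", redacted_log_line(message))   # redacted, not the payload
        self._reply(200, "received")

    def do_GET(self):
        self._reply(404, "not found")

    def _reply(self, status: int, text: str):
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(text.encode())


def make_server(secret: bytes, host: str = "127.0.0.1", port: int = 8080, allow_public: bool = False):
    WebhookHandler.secret = secret
    return HTTPServer((check_bind_address(host, allow_public), port), WebhookHandler)


if __name__ == "__main__":
    make_server(b"replace-with-a-random-secret").serve_forever()
```

The sending agent computes the same HMAC with the shared secret and the current Unix time. If the listener must be reachable beyond localhost, put it behind a TLS-terminating reverse proxy and pass `allow_public=True` deliberately rather than changing the default.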

VirusTotal

64/64 vendors flagged this skill as clean.
