Reah Skill: Agent Card

Security checks across malware telemetry and agentic risk

Overview

The skill's code appears limited in scope, but its documentation encourages broad payment-card use without clear transaction-level controls.

Install only if you intentionally want an agent to access a Reah payment card. Use limited or virtual cards, rotate keys, require explicit approval for every key read and every purchase detail, and do not treat this skill as general Reah platform access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The README markets the skill as offering "Full Reah platform access" even though the stated skill purpose is retrieving masked card info using an access key. This kind of capability inflation can mislead agents and users into treating the skill as authorized for broader financial or account actions, increasing the chance of unsafe tool use and privilege overreach.

Intent-Code Divergence

High
Confidence: 98%
Finding
The example prompt explicitly suggests using the Reah card to buy a subscription for the agent, which normalizes autonomous purchasing behavior far beyond masked-card-info retrieval. In a financial-skill context, this is especially dangerous because agents may infer transactional authority from documentation and attempt unauthorized purchases or pressure users into approving sensitive actions.

Vague Triggers

Medium
Confidence: 87%
Finding
The prompt "Help me order dinner for today" is a broad, everyday request that can implicitly trigger card-related or purchasing behavior without clearly signaling sensitive financial operations. In the context of a payment-adjacent skill, vague triggers are risky because they increase the likelihood that an agent invokes the skill in situations where the user did not intend financial data access or spending authority.

VirusTotal

65/65 vendors flagged this skill as clean.
