Bank of Bots

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Bank of Bots financial workflow guide, but it gives agents broad payment, banking, webhook, and API-key authority without enough explicit safety boundaries.

Install only if you intentionally want an agent connected to Bank of Bots financial workflows. Verify the bob CLI/API source, use least-privilege keys stored outside chat and logs, require human approval before sends, payouts, counterparty changes, webhooks, budget changes, sub-agent creation, or key rotation, and avoid exposing bank details or event payloads to untrusted systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium, 93% confidence
Finding
The skill instructs users to supply an API key and agent ID for live financial operations but does not warn that these values are secrets that must not be logged, echoed, shared in chat, or embedded in prompts. In an agent setting, missing secret-handling guidance increases the chance of credential leakage to logs, transcripts, or downstream tools, enabling unauthorized access to wallets and payment actions.

Missing User Warnings

Medium, 91% confidence
Finding
This section documents commands that can execute real financial transfers, including auto-quoted and auto-executed sends, without clearly warning that actions may move real funds and can be difficult or impossible to reverse. In agent workflows, omission of a confirmation or human-approval warning can lead to accidental loss of funds or unauthorized payments.

Missing User Warnings

Medium, 95% confidence
Finding
The skill includes raw bank routing and account number examples for counterparty creation without any warning about handling sensitive financial information. In practice, this encourages agents or users to place regulated financial data into prompts, command history, logs, and telemetry, creating privacy and fraud risk.

Missing User Warnings

Medium, 89% confidence
Finding
The webhook documentation tells users to send agent events to arbitrary external URLs but does not warn that event payloads may contain operational or financial metadata and will leave the platform boundary. This can result in inadvertent data exfiltration, insecure third-party processing, or SSRF-style misuse if webhook destinations are not controlled.

Missing User Warnings

Medium, 94% confidence
Finding
The sub-agent management section notes that API keys are returned in responses and supports key rotation, but it does not warn that these returned values are secrets whose exposure grants control over agent accounts. In agent environments, response data is often surfaced in logs or UI transcripts, so failing to emphasize redaction and secure storage materially increases compromise risk.

VirusTotal

64/64 vendors flagged this skill as clean.
