AIsa Crypto Market Data

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed AIsa-backed Twitter/X research and posting skill, with external API use and OAuth posting aligned to its stated purpose.

Install only if you are comfortable routing Twitter/X research requests and approved media/posting workflows through AIsa using an AISA_API_KEY. Do not provide Twitter passwords, browser cookies, or unrelated secrets, and require explicit confirmation before any public post.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 83%
Finding
The skill declares environment and network capabilities via required API key and external AIsa-backed access, but does not expose an explicit permissions model in the skill manifest. This can mislead users or orchestration systems about what the skill can access, reducing informed consent and making unintended external transmission of prompts or data more likely.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 90%
Finding
The manifest presents the skill as broad web and research functionality, while the underlying behavior appears focused on cryptocurrency market-data retrieval through CoinGecko-style endpoints and CLI operations. This mismatch can cause the agent to invoke the skill for general research tasks and unintentionally route user requests, prompts, or sensitive context into a narrower external crypto-data workflow than expected.

Vague Triggers

Medium
Confidence: 78%
Finding
The description uses very broad invocation terms such as web research, synthesis, competitor scans, and trend discovery, which overlap with many generic user requests. In agent environments, overly broad routing language increases the chance of unnecessary activation and external data sharing to third-party services when a narrower or local skill would have sufficed.

Vague Triggers

Medium
Confidence: 80%
Finding
The usage guidance lists positive triggers but lacks activation boundaries and negative examples, making it easy for an agent to over-select this skill. In a skill ecosystem, ambiguous routing is a security concern because it can expand external network use and expose more user context than necessary.

Missing User Warnings

Medium
Confidence: 88%
Finding
The setup section instructs use of an API key and external AIsa-backed access, but does not warn that prompts, parameters, or retrieved queries may be transmitted off-box to third-party services. Without credential-handling and data-transmission guidance, users and agents may expose secrets or sensitive research content unintentionally.

VirusTotal

66/66 vendors flagged this skill as clean.
