ClawHub

Mutinynet CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Mutinynet testnet faucet CLI with disclosed GitHub login, network use, and local token storage, though users should treat the stored token as sensitive.

Use this only for Mutinynet/testnet activity, verify invoices, peer pubkeys, hosts, and amounts before running payment or channel commands, and keep the default faucet URL unless you trust another endpoint. Treat ~/.mutinynet/token like a credential and remove it when you no longer want a local faucet session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The skill advertises faucet and Lightning testnet operations, but it also requires GitHub OAuth login and local token storage, which are security-relevant behaviors not clearly reflected in the high-level description. This creates a trust and consent gap: users may not expect third-party authentication, outbound traffic to GitHub, or credential persistence on disk when invoking a faucet-oriented skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The markdown instructs users to authenticate and notes that tokens are loaded from a local file, but it does not warn that credentials will be transmitted to external services and persisted locally. Without explicit notice, users may expose accounts or reuse sensitive environments without understanding the authentication and storage risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The faucet JWT is persisted to disk in the user's home directory without any permission hardening, encryption, or explicit warning. On multi-user systems or in environments with weak default umask/settings, another local process or user could read the token and use it to make authenticated faucet requests as the victim.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal