BFunbot Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed BFunBot integration, but it gives an agent financially sensitive powers without clear per-action confirmation requirements.

Install only if you trust BFunBot with your API key, wallet/account metadata, prompts sent through its LLM gateway, and billing-related actions. Use the narrowest API key permissions available, leave Agent Reload disabled unless needed, set low limits, and require explicit confirmation before any credit reload, reload-disable action, or token creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly supports triggering paid credit reloads from a trading wallet, but it does not require a clear user-facing confirmation or warning immediately before that paid action. This creates a real risk of unintended financial charges if an agent interprets a low-balance condition or vague user request as authorization to spend wallet funds.

Missing User Warnings

Medium
Confidence: 94%
Finding
The setup text says the agent will use BFunBot as its AI model provider, but it does not clearly warn that prompts and possibly sensitive conversation content are transmitted to BFunBot-hosted gateway infrastructure. Users may mistakenly believe prompts stay with their primary agent stack, leading to unintentional disclosure of secrets, personal data, or proprietary information.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation exposes financial-impacting endpoints for reloading credits and irreversibly disabling reload without any explicit requirement for user confirmation, approval flow, or warning about side effects. In an agent skill context, this increases the chance that an LLM-driven agent could invoke these actions autonomously or after ambiguous user input, causing unintended spending or service disruption.

VirusTotal

66/66 vendors flagged this skill as clean.
