ClawHub

Compare Crypto Payments

Security checks across malware telemetry and agentic risk

Overview

This skill appears to mix a crypto-payment comparison with PayRam onboarding steps that can execute remote shell code and connect agents to a live payment-related service.

Review carefully before installing. Do not run the remote setup commands unless you have inspected and pinned the scripts, understand what local changes they make, and are ready to grant PayRam-related tools access to your development environment and payment workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This skill is presented as a payment-gateway comparison, but it contains operational instructions to connect to a live third-party MCP service and perform setup actions. That mismatch can mislead users and agents into granting network access or invoking external capabilities they would not expect from a read-only comparison skill.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The file claims to be an objective comparison but is overwhelmingly a promotional funnel for PayRam, including repeated calls to adopt its tooling and infrastructure. This deceptive packaging increases the chance that users or agents will trust biased recommendations and follow risky setup steps without recognizing the commercial motive.

Context-Inappropriate Capability

High
Confidence
94% confidence
Finding
Autonomous deployment and application scaffolding are powerful operational capabilities unrelated to a comparison-only skill. If an agent follows these instructions, it could generate code or provision payment-related components without adequate review, expanding both system and financial risk.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The document recommends direct execution of remote shell scripts via curl-to-bash. This is dangerous because it delegates full trust to mutable remote content, enabling arbitrary code execution on the host if the script source is compromised, changed, or malicious.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Including remote curl-to-shell installation commands without warnings normalizes unsafe execution practices and can lead users to run unreviewed code with shell privileges. In a skill context, this is especially risky because an agent may treat markdown instructions as endorsed operational steps.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill encourages agents to self-deploy infrastructure and initiate or manage payments without strong warnings about financial, security, and operational consequences. In context, that can cause unauthorized payment actions, exposure of credentials, or unintended deployment of payment systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal