Locus

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto-payment skill, but it needs Review because it stores wallet-authorized credentials and gives the agent broad dynamic payment-tool access.

Install only if you intentionally want an agent to use a wallet-connected payment service. Use a least-privilege Locus API key with spending limits, confirm every payment and token approval manually, avoid unlimited allowances, verify recipients and spender addresses, and know how to revoke the key or remove the mcporter Locus config.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
This README promotes capabilities to send tokens and approve ERC-20 spending without prominently warning that these are irreversible, financially sensitive actions that can drain funds if misused by an agent or triggered from untrusted input such as emails. In the context of an agent skill designed to process payment-related actions, missing safety guidance materially increases the risk of accidental or unauthorized transfers and dangerous unlimited token approvals.

Vague Triggers

Medium
Confidence: 87%
Finding
The skill description uses very broad activation language such as 'anything payment-related' and 'process payment-related actions from emails,' which can cause the agent to invoke this skill in ambiguous contexts. In a payment-capable skill, unintended activation is risky because it can lead the agent into wallet setup, email scanning, token approvals, or payment workflows when the user did not clearly intend to use a crypto payment system.

Unrestricted Tool Access

Medium
Category: Excessive Agency
Content
This returns all tools the user's permission group allows. Tools vary per user — do not assume which tools exist. Use the schema output to understand parameters.

**Call any discovered tool:**
```bash
mcporter call locus.<tool_name> param1=value1 param2=value2
```
Confidence: 91%
Finding
tool:*

VirusTotal

64/64 vendors flagged this skill as clean.
