AgentHansa Merchant

Security checks across malware telemetry and agentic risk

Overview

This merchant tool is mostly aligned with its stated purpose, but it exposes sensitive account actions and leaks the merchant API key through export URLs.

Review before installing. Use this only for an AgentHansa merchant account where you are comfortable granting task, offer, payout, refund, deposit, and moderation authority. Avoid the export feature until API keys are no longer placed in URLs, protect or remove the saved config file when not needed, and require explicit human approval before any payout, refund, split, delete, ban, or bulk-publish action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 77%
Finding
The README explicitly states that an API key is auto-saved during registration but provides no information about where it is stored, how it is protected, or how users should secure it. This can lead to unsafe credential handling such as plaintext storage, accidental inclusion in backups or repos, or exposure on shared systems, especially for a CLI/MCP tool that may run in developer environments.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill persists the merchant API key in plaintext under the user's home directory with no permission hardening, encryption, or prominent warning. On multi-user systems, shared environments, backups, or compromised local accounts, this increases the chance of credential theft and unauthorized merchant actions.
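The two findings above concern how the auto-saved key is stored. The following is an added example, not code from the AgentHansa Merchant skill, of the check a reviewer can run against the saved config and of the safer way to write it. The file name `agenthansa-merchant.json` is an assumption (the report does not name the file), and the key value used is a constructed placeholder.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical file name: the report says the key is saved under the home
# directory but does not name the file, so this is an assumption.
CONFIG_NAME = "agenthansa-merchant.json"


def audit_config_permissions(path: Path) -> list[str]:
    """Return a list of problems with how a credential file is protected."""
    problems = []
    if not path.exists():
        return ["config file does not exist"]
    if path.is_symlink():
        problems.append("config path is a symlink")
    st = path.stat()
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {oct(mode)} is readable by group or others")
    if st.st_uid != os.getuid():
        problems.append("config file is not owned by the current user")
    parent_mode = stat.S_IMODE(path.parent.stat().st_mode)
    if parent_mode & stat.S_IWOTH:
        problems.append("parent directory is world-writable")
    return problems


def write_config_securely(path: Path, api_key: str) -> None:
    """Write the key to a file that is 0600 from creation, then swap it into place.

    mkstemp creates the temporary file with mode 0600 regardless of umask, so
    there is no window in which the key is readable by other users; os.replace
    is atomic, so a crash never leaves a half-written file behind.
    """
    path.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".config-")
    try:
        with os.fdopen(fd, "w") as f:
            json.dump({"api_key": api_key}, f)
            f.write("\n")
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def demo() -> dict:
    """Save a constructed placeholder key the naive way and the safe way, then audit both."""
    base = Path(tempfile.mkdtemp())
    placeholder_key = "hansa_live_EXAMPLEKEY"  # constructed, not a real credential

    unsafe = base / "unsafe.json"
    unsafe.write_text(json.dumps({"api_key": placeholder_key}))
    os.chmod(unsafe, 0o644)  # the usual umask default a plain write ends up with

    safe = base / CONFIG_NAME
    write_config_securely(safe, placeholder_key)

    return {
        "unsafe_problems": audit_config_permissions(unsafe),
        "safe_problems": audit_config_permissions(safe),
        "safe_mode": oct(stat.S_IMODE(safe.stat().st_mode)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

On a shared or backed-up machine the audit is the part worth running before trusting the saved key; the 0600 mode only helps against other local users, not against a compromise of the account itself, which is why the overview still recommends removing the file when it is not needed.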

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The export feature constructs a URL containing the API key as a query parameter. Query-string credentials are commonly exposed via browser history, logs, referrer headers, proxies, screenshots, and link sharing, so anyone who obtains the URL may gain full API access associated with that key.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The MCP export tool returns a URL that embeds the bearer credential directly, creating the same leakage risks as the CLI export path but in a tool context where outputs may be logged, persisted in transcripts, or shown to other agents/systems. This materially increases exposure because MCP interactions are often recorded and replayed.
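Both export findings (CLI and MCP) come down to a credential carried in the query string. The following is an added example, not the skill's own code, of three things a practitioner would want here: detecting a credential-bearing query parameter in a URL the tool returns, redacting it before the URL is logged or placed in a transcript, and rebuilding the same request with the key in an Authorization header instead. The host `api.example.invalid`, the path, and the parameter name `api_key` are constructed; the report does not name the real endpoint or parameter, and moving the key to a bearer header assumes the service accepts it there.

```python
import re
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names that commonly carry a credential (constructed list).
SECRET_PARAM_NAMES = {
    "api_key", "apikey", "key", "token", "access_token", "auth", "secret", "bearer",
}
# Values that look like an opaque token even when the name is innocuous.
TOKEN_LIKE = re.compile(r"^[A-Za-z0-9_\-]{20,}$")

# Constructed stand-in for the URL the export feature returns; not the real endpoint.
SAMPLE_EXPORT_URL = (
    "https://api.example.invalid/v1/merchant/export?format=csv&api_key=hansa_live_EXAMPLEKEY"
)


def _is_secret(name: str, value: str) -> bool:
    return name.lower() in SECRET_PARAM_NAMES or bool(TOKEN_LIKE.match(value))


def find_credentials_in_url(url: str) -> list[str]:
    """Return the names of query parameters that appear to carry a credential."""
    query = urlsplit(url).query
    return [n for n, v in parse_qsl(query, keep_blank_values=True) if _is_secret(n, v)]


def redact_url(url: str) -> str:
    """Replace credential-bearing query values so the URL is safe to log or show in a transcript."""
    parts = urlsplit(url)
    pairs = [
        (n, "REDACTED" if _is_secret(n, v) else v)
        for n, v in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def export_request_with_header(url: str) -> urllib.request.Request:
    """Move the key out of the URL and into an Authorization: Bearer header.

    The returned Request is not sent; it shows what the tool should build.
    Headers are not written to browser history, referrers or most access logs,
    which is the exposure the query string has.
    """
    parts = urlsplit(url)
    kept, key = [], None
    for n, v in parse_qsl(parts.query, keep_blank_values=True):
        if _is_secret(n, v):
            key = v
        else:
            kept.append((n, v))
    if key is None:
        raise ValueError("no credential parameter found in URL")
    clean = urlunsplit(parts._replace(query=urlencode(kept)))
    return urllib.request.Request(clean, headers={"Authorization": f"Bearer {key}"})


if __name__ == "__main__":
    print("flagged parameters:", find_credentials_in_url(SAMPLE_EXPORT_URL))
    print("safe to log:", redact_url(SAMPLE_EXPORT_URL))
    req = export_request_with_header(SAMPLE_EXPORT_URL)
    print("request URL:", req.full_url)
    print("Authorization header present:", req.has_header("Authorization"))
```

For an MCP tool the redaction step matters most: tool outputs are recorded by the host and may be passed to other agents, so the tool should never return the credential-bearing form at all.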

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill documents several irreversible or high-impact commands such as early closing, picking winners, splitting rewards, refunds, deleting offers, and banning agents without any inline warning, confirmation guidance, or note about their consequences. In a payment- and task-management CLI, this omission increases the chance that a user or downstream agent invokes a destructive action accidentally, causing financial loss, workflow disruption, or unfair account actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The command example for completing a bounty notes only in a comment that it 'triggers payouts' and does not present a clear user-facing warning that this is a financially consequential action. In the context of a merchant CLI handling rewards, a user or autonomous agent could complete a task prematurely and cause unintended disbursement of funds.
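The last two findings are about irreversible or money-moving commands being callable with no confirmation step. The overview recommends explicit human approval before any payout, refund, split, delete, ban or bulk-publish action; the following is an added example, not the skill's own code, of a gateway that enforces that rule in front of a client. The action names, the `FakeMerchantClient` stand-in and the approver identity are all constructed; the real tool's command names and client API are not given in the report.

```python
from dataclasses import dataclass, field

# Actions the report lists as irreversible or financially consequential.
# Constructed names; the skill's actual command names are not given.
HIGH_IMPACT_ACTIONS = {
    "payout", "refund", "split_reward", "delete_offer", "ban_agent",
    "bulk_publish", "complete_bounty", "close_early", "pick_winner",
}


class ApprovalRequired(Exception):
    """Raised instead of executing a high-impact action that has no approval record."""

    def __init__(self, action: str, args: dict):
        super().__init__(f"{action}({args}) requires explicit human approval; refusing to run")
        self.action, self.args = action, args


@dataclass
class Approval:
    """A human's approval for exactly one action with exactly these arguments."""
    action: str
    args: dict
    approved_by: str


@dataclass
class MerchantGateway:
    """Wraps a merchant client so high-impact calls run only against a matching approval."""
    client: object
    approvals: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def call(self, action: str, **args):
        if action in HIGH_IMPACT_ACTIONS:
            match = next(
                (a for a in self.approvals if a.action == action and a.args == args), None
            )
            if match is None:
                self.audit_log.append(("blocked", action, args))
                raise ApprovalRequired(action, args)
            # Single use: one approval authorises one execution, so a replayed
            # or looping agent cannot pay out twice on the same nod.
            self.approvals.remove(match)
            self.audit_log.append(("approved", action, args, match.approved_by))
        result = getattr(self.client, action)(**args)
        self.audit_log.append(("executed", action, args))
        return result


class FakeMerchantClient:
    """Stand-in for the real API client (constructed for this example)."""

    def __init__(self):
        self.paid = []

    def list_offers(self):
        return ["offer-1", "offer-2"]

    def complete_bounty(self, task_id: str):
        self.paid.append(task_id)  # the real call triggers a payout
        return {"task": task_id, "payout": "triggered"}


def demo():
    """Read-only call passes, payout is blocked, then runs once approved, then is blocked again."""
    client = FakeMerchantClient()
    gw = MerchantGateway(client)
    gw.call("list_offers")
    try:
        gw.call("complete_bounty", task_id="t-42")
    except ApprovalRequired:
        pass
    gw.approvals.append(
        Approval("complete_bounty", {"task_id": "t-42"}, approved_by="ops@merchant.example")
    )
    gw.call("complete_bounty", task_id="t-42")
    try:
        gw.call("complete_bounty", task_id="t-42")  # approval already consumed
    except ApprovalRequired:
        pass
    return gw.audit_log, client.paid


if __name__ == "__main__":
    log, paid = demo()
    for entry in log:
        print(entry)
    print("payouts actually triggered:", paid)
```

The approval is matched on the exact arguments, not just the action name, so a human who approved completing task `t-42` has not approved completing any other task; and because the gateway refuses rather than prompting, it works the same whether the caller is a person at the CLI or an autonomous agent on the MCP side.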

VirusTotal

67/67 vendors reported this skill as clean (0 detections).
