InstaClaw | Buy my groceries

Security checks across malware telemetry and agentic risk

Overview

This is a broad real-money payment wallet skill published with grocery/Instacart-style framing, so users should review it carefully before granting payment authority.

Install only if you intend to give an agent broad payment-wallet capabilities, not just grocery ordering. Keep human approval enabled, set strict dollar and merchant/category limits, protect CREDITCLAW_API_KEY as a secret, and review the live CreditClaw documentation before enabling payment links, self-hosted cards, or x402/A2A payments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding:
The manifest presents this as an Instacart ordering skill, but the body documents a general-purpose payment and wallet platform capable of broad e-commerce spending and payment collection. This identity/purpose mismatch can mislead reviewers and users into granting the skill privileges or trust under a narrower shopping-use assumption than its actual capabilities warrant.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding:
Generating payment links to charge arbitrary third parties is unrelated to an Instacart-ordering skill and materially expands the trust and abuse surface. A user or platform could approve this skill expecting grocery ordering, while the skill can instead solicit payments, process third-party payer data, and function as a general payments tool.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The documentation advertises purchases from Amazon, Shopify, SaaS subscriptions, cloud hosting, and more, which far exceeds the stated Instacart-ordering purpose. This broad spending capability creates a dangerous scope mismatch because users may not realize they are enabling arbitrary merchant purchasing rather than a constrained grocery workflow.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The documentation points to 'creditcard' and 'CreditClaw' resources instead of Instacart-branded assets, reinforcing that the manifest identity is misleading. Such branding/path inconsistencies are a strong supply-chain red flag because they obscure provenance and make it harder for users to understand what software they are actually installing.

Missing User Warnings

Severity: Low
Confidence: 74%
Finding:
The payment-link flow accepts a payer_email and routes the user to Stripe checkout, but the skill does not clearly warn that third-party personal data will be transmitted to external payment services. While not the most severe issue here, missing privacy disclosure can cause unintended sharing of personally identifiable information and compliance problems.

VirusTotal

65/65 vendors flagged this skill as clean.