Security audit

Create Payment Credential

Security checks across malware telemetry and agentic risk

Overview

This payment skill is high-impact but its behavior is disclosed, purpose-aligned, and gated by Link authentication and approval flows.

Install only if you want an agent to help complete real purchases through Link. Review merchant, item, amount, and shipping details before approving any request in Link, avoid suspicious checkout pages, and delete any temporary card output files after the purchase.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding:
The skill is invocable on extremely broad phrases like 'buy something', 'pay for X', 'make a purchase', or requests to log in/sign up for Link, which overlap with ordinary conversation and can trigger a high-risk payment capability with insufficiently specific user intent. In a payment skill, over-broad routing is especially dangerous because mistaken invocation can lead to authentication flows, wallet access, spend-request creation, and exposure of sensitive payment context for real-money transactions.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill instructs retrieval of full card credentials and suggests writing them to a local file, but it does not require an explicit user warning or consent before persisting highly sensitive PAN/CVC data to disk. Even with 0600 permissions, local files can be exposed through host compromise, backups, debugging artifacts, or later accidental disclosure, and this skill handles live spending credentials so the sensitivity is unusually high.

VirusTotal

VirusTotal findings are pending for this skill version.
