ClawHub
Back to skill

Security audit

Shieldz Payments

Security checks across malware telemetry and agentic risk

Overview

This is a payment-link skill that openly uses Shieldz network services and does not include hidden code, persistence, or credential collection.

Install only if you are comfortable sending wallet addresses, amounts, memos, optional email addresses, and management tokens to Shieldz. Confirm each payment link or tip jar before creation, and treat manage_url/manage_token values like private access links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The README explicitly states that the skill can call a direct REST API and a remote MCP server, but it does not clearly warn users that wallet addresses, payment metadata, and operational usage details will be transmitted to external network services. In a payment-related skill, this matters because users may assume a local or purely non-custodial flow while still exposing sensitive transactional context to third-party infrastructure.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger guidance is broad enough that an agent may invoke this payment skill from loosely related user phrasing without clear confirmation of user intent, transaction context, or whether the user actually wants an external payment link created. In a payments skill, over-broad activation increases the chance of unintended external API calls, accidental link generation, and disclosure of wallet or account-related data to a third party.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to send an email address to a remote service as part of link creation, but only notes that it helps claim a dashboard later; it does not clearly warn that this is disclosure of personal data to a third party or require user consent. Because this is a keyless external API, an agent could transmit a user's or owner's email automatically, creating avoidable privacy leakage and possible compliance issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.