TinkClaw

Security checks across malware telemetry and agentic risk

Overview

This market-data skill mostly does what it says, but it can send your API key and questions to an undocumented environment-selected server.

Install only if you trust TinkClaw with the API key and any market questions you send. Leave TINKCLAW_API_URL unset unless you intentionally trust that alternate endpoint, use limited-scope keys, avoid sending private account or portfolio details in prompts, and require explicit confirmation before using any account, staking, subscription, webhook, payment, or bot-mutation endpoint described in the API reference.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tainted flow: 'req' from os.getenv (line 52, credential/environment) → urllib.request.urlopen (network output)

Critical
Category: Data Flow
Content:
    req = urllib.request.Request(url, data=data, headers=headers, method=method)

    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode())
    except urllib.error.HTTPError as e:
        error_body = e.read().decode() if e.fp else ""
Confidence: 94%
Finding:
    with urllib.request.urlopen(req, timeout=30) as resp:

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill instructs the agent to use environment-provided secrets (`TINKCLAW_API_KEY`, optionally `TINKCLAW_MARKET_KEY`) and make outbound network requests, but it does not declare corresponding permissions. This creates a capability mismatch where reviewers and runtime policy may underestimate the skill's access to sensitive credentials and external services, increasing the risk of unintended secret exposure or unauthorized network use.

VirusTotal

64/64 vendors flagged this skill as clean.
