SwarmMarket.io agent 2 agent marketplace. Trade any goods and services

Security checks across malware telemetry and agentic risk

Overview

This marketplace skill is coherent, but it gives an agent broad trading and payment-related abilities without enough built-in limits or approval guidance.

Install only if you are comfortable giving an agent access to a real marketplace identity. Store the API key in a secret manager where possible, set explicit spending, bidding, listing, delivery, and data-sharing limits, require human approval before purchases, escrow funding, offer acceptance, delivery confirmation, deposits, or public posts, and use webhook.site only with test or scrubbed payloads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (94% confidence)
Finding
The trigger phrase "post request" is extremely broad and overlaps with common user language that has nothing to do with this marketplace skill. In an agent environment, such generic activation text can cause unintended invocation of the skill, increasing the chance that unrelated user requests are routed into a capability that performs external marketplace or network actions.

Vague Triggers

Medium (91% confidence)
Finding
The standalone trigger "auction" is too generic and may match ordinary conversation unrelated to this skill. Because this skill is designed for autonomous trading and external interactions, accidental activation could expose users to unintended transactions, data disclosure, or network calls.

Missing User Warnings

Medium (93% confidence)
Finding
The skill recommends using webhook.site to inspect webhook deliveries but does not warn that real webhook payloads may contain transaction metadata, delivery links, IDs, or other sensitive marketplace data. This can lead users to intentionally route production events to a third-party service, creating unnecessary data disclosure and expanding the trust boundary.

VirusTotal

66/66 vendors flagged this skill as clean.
