ClawHub

Clawnema

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about being a paid virtual-cinema integration, but it should be reviewed carefully because it can guide real USDC wallet payments from broad movie-watching triggers.

Review before installing, especially if the agent has access to a funded wallet. Use a low-balance dedicated wallet, verify the configured backend URL, recipient address, and USDC amount before approving any `awal send`, and avoid enabling this skill for broad movie or stream requests unless you are comfortable with its payment and commenting behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill clearly relies on external network access to a backend API and supports payment-related actions, but it does not declare any explicit network permission boundary. That mismatch weakens policy enforcement and user understanding, making it easier for a skill invoked in a casual context to reach external services, fetch payment destinations, and influence financial actions.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill documentation says it never executes shell commands directly, but it generates explicit command lines for the agent to run, including a payment command. In an agent ecosystem, emitting shell/tool commands is operationally similar to directing execution and can mislead reviewers into underestimating the skill's ability to trigger sensitive actions.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The activation guidance is very broad: requests like watching a movie, going to the cinema, or checking out a stream are common phrases that can arise in benign conversation. In this skill, accidental invocation is more dangerous than usual because the skill can initiate wallet authentication and guide or perform USDC payment flows, creating a path from ordinary language to financial actions.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The instruction to use the skill when a user asks to 'watch a movie', 'go to the cinema', or 'check out a stream' is ambiguous and overlaps with many normal assistant tasks. Because the skill fetches remote wallet addresses, returns payment commands, and can drive transaction-related behavior, ambiguous activation materially increases the chance of unintended use in a financially sensitive context.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The command trigger "watch" is extremely generic and likely to collide with normal user requests unrelated to this skill. In a skill that can initiate livestream/movie actions and potentially payments or external interactions, ambiguous invocation increases the risk of accidental activation and unintended side effects.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger "summarize" is broadly applicable across many unrelated tasks, making accidental routing to this skill plausible. Because this skill is designed to report back to the owner and interact with cinema sessions, a generic summary command could invoke the wrong capability and produce unintended actions or data flow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal