EarnFi x402 - Execute real-world human work and social engagement (feedback, opinions, data labelling, reviews, small tasks), social tasks (likes, followers, reposts, raids, comments, youtube views, etc.) — all paid via x402

Security checks across malware telemetry and agentic risk

Overview

This skill openly lets an agent buy human work and social engagement with wallet-funded payments, so users should review it carefully before installing.

Install only if you are comfortable letting an agent coordinate paid human tasks and potentially buy social engagement using wallet-approved USDC. Confirm every spend, avoid fake popularity, spam, undisclosed promotion, or actions that break platform rules, and keep private keys, agent_token, and per-job secrets out of chat, logs, URLs, and plaintext shared files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium, 94% confidence

Finding
The skill explicitly promotes paid social engagement actions such as likes, follows, reposts, comments, and YouTube views, but does not prominently warn that these activities may violate platform terms, trigger account sanctions, or facilitate deceptive engagement. In this context, the omission is security-relevant because an agent could autonomously spend funds to perform risky actions on third-party platforms without informed user consent about suspension, fraud, or reputation consequences.

Missing User Warnings

Medium, 90% confidence

Finding
The document instructs users to persist `agent_token` and per-job `secret`, which are bearer credentials, including examples of storing them in state files. While it mentions confidentiality, it lacks strong operational guidance on encryption, file permissions, redaction, and avoiding query-string leakage, increasing the chance of credential exposure through logs, backups, shell history, or shared storage.

VirusTotal

65/65 vendors flagged this skill as clean.