MoneyClaw

Security checks across malware telemetry and agentic risk

Overview

MoneyClaw is mostly clear and safety-gated for prepaid user-approved payments, but it also includes under-disclosed merchant payment-collection instructions that can change account settings and create invoices.

Install only if you trust MoneyClaw with real payment authority and understand it includes merchant payment-collection guidance in addition to buyer-side checkout. Keep prepaid balances limited, leave agent auto-approval off unless intentional, verify merchant domains and amounts before spending, and use acquiring endpoints only when you deliberately want to accept payments and manage webhook secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding: The file documents merchant-side payment collection, invoice hosting, public checkout, widgets, and webhook handling, which materially expands the skill beyond the declared buyer-side wallet/payment-task purpose. This scope drift can cause the agent to perform or advise higher-risk payment-processing actions that were not declared to users or reviewers, increasing the chance of misuse, unsafe fulfillment flows, and unauthorized collection behavior.

Intent-Code Divergence

Medium
Confidence: 97%
Finding: The opening instruction explicitly tells the agent to use this reference for merchant-side payment collection, directly contradicting the skill metadata that limits use to a user's own MoneyClaw buyer-side payments. Such contradictory instructions are dangerous because they can override intended scope boundaries and lead the agent into handling merchant acquiring workflows, public payment endpoints, and order-fulfillment logic outside the approved trust model.

VirusTotal

65/65 vendors flagged this skill as clean.