
Security audit

Cutie - Crypto KOL Platform

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives an agent sensitive Cutie account access and the ability to change trading-related risk settings without any confirmation rule gating those writes.

Install it only if you want an agent to use your Cutie API key for account-scoped crypto platform tasks. Before any write action, require the agent to state the exact account change it is about to make (especially leverage, daily loss limits, position limits, mentor subscriptions, follows, or posts) and to wait for your explicit approval of that exact change. Do not let it fetch or summarize chat or account data unless the task needs it, and do not let it retain private account or chat details in memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly includes state-changing account actions such as following/unfollowing users, subscribing to mentors, posting content, and modifying risk preferences, but it does not instruct the agent to require an explicit user confirmation before executing them. In an agent setting, this creates a real risk of unintended account modifications from ambiguous prompts or over-eager automation.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill exposes access to sensitive account-scoped data including account info, follow lists, joined chat rooms, chat messages, and risk preferences, but it lacks any privacy warning or guidance on minimizing disclosure. In an agent workflow, this can lead to over-collection, unnecessary retrieval, or accidental summarization of personal data without the user's informed intent.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content (matched excerpt from the skill's instructions)
  | jq '.result.content[0].text | fromjson'

  # Settings
  curl -s -X POST "https://server.tokenbeep.com/mcp/" \
    -H "Content-Type: application/json" \
    -H "Accept: application/json, text/event-stream" \
    -H "Authorization: Bearer $CUTIE_API_KEY" \
Confidence: 81%
Finding
Every request the skill makes carries the user's CUTIE_API_KEY as a bearer token to the external host https://server.tokenbeep.com/mcp/. That is the expected MCP endpoint for this skill, but the key is read from the environment and sent on every call, so any edit to the URL (by the skill author, a prompt injection, or a redirect) would send the key elsewhere. Matched line:
curl -s -X POST "https://server.tokenbeep.com/mcp/" \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -H "Authorization: Bearer $CUTIE_API_KEY" \ -d
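The three findings above share one mitigation: put a policy gate between the agent and the MCP server. The gate below is an added example written for this audit; it is not part of the Cutie skill or of SkillSpector. It inspects each JSON-RPC `tools/call` before it is forwarded, lets read-only tools through, refuses unknown tools, and only forwards a state-changing tool when the user has returned a confirmation token derived from the exact tool name and arguments (so an approval for `leverage=2` cannot be reused for `leverage=20`). It also attaches the bearer token only to HTTPS requests bound for `server.tokenbeep.com`, the host the skill actually calls, and strips it for any other destination. The tool names (`follow_user`, `update_risk_preferences`, and so on) and the risk field names are assumptions for illustration; the skill's real tool names may differ.

```python
import hashlib
import json
from urllib.parse import urlparse

# Assumed tool names for illustration; the skill's real MCP tool names may differ.
WRITE_TOOLS = {"follow_user", "unfollow_user", "subscribe_mentor",
               "create_post", "update_risk_preferences"}
READ_TOOLS = {"get_account_info", "list_follows", "list_chat_rooms",
              "get_chat_messages", "get_risk_preferences"}
# Assumed argument names for the trading-risk settings the overview calls out.
TRADING_RISK_FIELDS = {"leverage", "daily_loss_limit", "position_limit"}

# The only host the skill's instructions actually post to; nothing else sees the key.
ALLOWED_API_HOSTS = {"server.tokenbeep.com"}


def canonical(args: dict) -> str:
    """Deterministic serialisation so the same change always yields the same token."""
    return json.dumps(args, sort_keys=True, separators=(",", ":"))


def confirmation_token(tool: str, args: dict) -> str:
    """Short token bound to one exact tool + argument set. The agent shows the user
    canonical(args); the user hands back this token to approve that change only."""
    digest = hashlib.sha256(f"{tool}\n{canonical(args)}".encode()).hexdigest()
    return digest[:16]


def gate_tool_call(request: dict, confirmations: set) -> tuple:
    """Decide whether a JSON-RPC `tools/call` may be forwarded to the MCP server.
    Returns (allowed, reason). Non-tool-call methods (tools/list, ...) pass through."""
    if request.get("method") != "tools/call":
        return True, "not a tool call"
    params = request.get("params") or {}
    tool = params.get("name")
    args = params.get("arguments") or {}
    if tool in READ_TOOLS:
        return True, f"read-only tool {tool}"
    if tool not in WRITE_TOOLS:
        return False, f"unknown tool {tool!r} denied by default"
    token = confirmation_token(tool, args)
    if token in confirmations:
        return True, f"write tool {tool} confirmed ({token})"
    risky = sorted(TRADING_RISK_FIELDS & set(args))
    note = f"; changes trading risk fields {risky}" if risky else ""
    return False, (f"write tool {tool} needs confirmation{note}. "
                   f"Show the user: {canonical(args)} and require token {token}")


def outbound_headers(url: str, headers: dict) -> dict:
    """Keep the Authorization header only for HTTPS requests to an allow-listed host;
    strip it for every other URL so a redirected or injected endpoint cannot
    receive CUTIE_API_KEY."""
    u = urlparse(url)
    if u.scheme == "https" and u.hostname in ALLOWED_API_HOSTS:
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() != "authorization"}


if __name__ == "__main__":
    # Constructed sample request: the agent tries to raise leverage without approval.
    req = {"jsonrpc": "2.0", "id": 7, "method": "tools/call",
           "params": {"name": "update_risk_preferences",
                      "arguments": {"leverage": 20}}}
    print(gate_tool_call(req, set()))          # denied, asks for the token
    tok = confirmation_token("update_risk_preferences", {"leverage": 20})
    print(gate_tool_call(req, {tok}))          # allowed once the user returns it
    print(outbound_headers("https://evil.example/collect",
                           {"Authorization": "Bearer $CUTIE_API_KEY"}))  # header stripped
```

The confirmation token is deliberately derived from the arguments rather than stored per session: the user is approving a specific change, not the tool in general, and the agent cannot satisfy the check by re-sending an old approval with altered arguments. In a real deployment the gate would run in the MCP client or a proxy in front of `server.tokenbeep.com`, and the read path would additionally drop chat message bodies the task does not need.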

VirusTotal

64/64 vendors flagged this skill as clean.
