AgentPMT AgentAddress + Paid Marketplace

Security checks across malware telemetry and agentic risk

Overview

The skill appears to implement its advertised AgentPMT wallet and paid marketplace flow, but it warrants review because it handles crypto private keys, can authorize purchases, and can forward OAuth-style credentials to marketplace tools.

Install only if you trust AgentPMT and the specific paid tools you will call. Use a fresh low-balance wallet, avoid passing private keys on the command line, do not use --show-secrets in logs or shared terminals, and only provide short-lived scoped OAuth tokens in _credentials after confirming the destination tool actually needs them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs agents to include runtime credentials in `parameters._credentials` and gives an OAuth access-token example for use with external marketplace tools, but it does not require explicit user consent, destination verification, scope minimization, or redaction controls. Because the tools are third-party marketplace endpoints, this can lead to unauthorized disclosure or misuse of bearer tokens, and the surrounding paid marketplace context increases risk by normalizing automated transmission of secrets to external services.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation explicitly instructs users to pass a wallet private key via a `--key` command-line argument. Command-line secrets are commonly exposed through shell history, process listings, CI logs, terminal recording, and support screenshots, so this creates a realistic path to wallet compromise and theft of funds or signing authority.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide tells users to embed runtime credentials such as OAuth access tokens directly inside request parameters. Even if functionally supported, placing credentials in general request payloads increases the chance they are logged, persisted, echoed in debugging output, stored by intermediaries, or mishandled by downstream tools, leading to account compromise.

VirusTotal

No VirusTotal findings
