Openclaw Agentpmt Tool Color Adjustment A17bdc

Security checks across malware telemetry and agentic risk

Overview

This color utility is instruction-only, but it asks agents to use wallets, buy credits, and perform external marketplace jobs, which is broader than users would expect for color conversion.

Review carefully before installing. Use it only if you intentionally want AgentPMT wallet-signed, billable external API use; do not provide private keys or seed phrases in prompts, and require explicit confirmation before wallet creation, signing, purchases, or any job execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill is scoped as a simple color-adjustment utility, but it embeds instructions to create wallets, purchase credits, and perform marketplace jobs. That materially expands the authority and behavior of the agent into financial and account-affecting operations unrelated to the user-visible task, increasing the chance of unauthorized payments, account creation, or workflow pivoting. In context, this is more dangerous because color conversion is low-risk by nature, so users would not reasonably expect blockchain payments or job execution.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The documented ability to list, reserve, execute, and complete external jobs to earn credits is unrelated to color processing and creates an open-ended execution path. That can cause the agent to take arbitrary external actions under vague job instructions, effectively turning a narrow utility skill into a general task runner with unpredictable security, privacy, and operational consequences. In this context, the mismatch between stated purpose and actual capability makes the risk especially severe.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill advertises a broad platform surface including email, calendars, payments, browsing, databases, and network tools even though the skill is presented as a color utility. Such broad capability framing can cause over-permissive tool selection and prompt the agent to route unrelated sensitive tasks through this integration, undermining least privilege. The surrounding context makes this riskier because it normalizes access to high-impact operations under an innocuous skill label.

Vague Triggers

Medium
Confidence: 90%
Finding
The instruction to use the skill whenever the user wants to run the tool through AgentPMT is overly broad because it prefers a particular external platform rather than narrowly keying off a specific color-adjustment need. Overbroad activation can trigger unnecessary external calls, signed requests, or billing-related flows when a local or safer alternative would suffice. Given the hidden wallet and credit mechanics elsewhere in the file, this broad trigger increases practical risk.

Missing User Warnings

High
Confidence: 97%
Finding
The skill instructs the agent to create wallets, sign requests, and potentially buy credits without a clear user-facing warning or consent checkpoint for financial and account-affecting actions. This can lead to unauthorized wallet creation, blockchain payment attempts, or persistent account linkage that a user did not knowingly approve. In the context of a color utility, the lack of prominent consent is especially dangerous because users would not expect monetary or identity-related side effects.

VirusTotal

No VirusTotal findings
