ClawHub

Masumi Network Warranty Vault

Security checks across malware telemetry and agentic risk

Overview

This looks like a local demo, but it presents simulated OCR, Cardano logging, and payment actions as if they can be used for real warranty decisions.

Install only if you treat it as a non-production demo. Do not rely on it for warranty approval, immutable audit trails, Cardano records, agent registration, or payments unless the publisher clearly labels simulations, implements real verification, and documents wallet consent, fees, stored data, and transaction confirmation steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script claims to log proof-of-purchase to Cardano, but it only fabricates a transaction identifier from a local hash and never performs any blockchain submission or verification. In a warranty-verification skill, this is dangerous because users or downstream agents may rely on supposed immutability and auditability that do not actually exist, enabling false assurance, dispute failures, and fraudulent claim workflows.

Description-Behavior Mismatch

Low
Confidence
87% confidence
Finding
The skill advertises OCR receipt scanning, but the code only parses a provided text string and hardcodes most extracted fields. In this context, that mismatch can mislead users into thinking receipt images are actually analyzed, reducing trustworthiness of warranty decisions and making it easier to submit fabricated text as if it came from OCR.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal