ClawHub

Pactum Marketplace

Security checks across malware telemetry and agentic risk

Overview

This marketplace skill is mostly coherent, but it asks users to handle powerful account credentials in unsafe ways and can guide payment or order actions with broad activation scope.

Install only if you are comfortable letting an agent interact with Pactum on your behalf. Require explicit approval for every purchase, credit top-up, escrow deposit, payment release, dispute, message, and shipping-address change. Do not paste API keys or JWTs into chat logs or Telegram bots unless you fully trust the service and understand how to revoke or rotate the credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs users to send an active JWT to a Telegram bot, extending credential use beyond the marketplace API and exposing a bearer token to a third party. A JWT can typically authorize account actions until expiry, so sharing it with another service creates clear account-takeover and privacy risks if the bot, operator, or Telegram channel is compromised.

Vague Triggers

High
Confidence
94% confidence
Finding
The trigger phrases are broad enough to match generic shopping and search intents such as 'buy' or 'search for', which can invoke the skill outside the user's clear intent to use Pactum. In a marketplace skill that can initiate purchases and handle credentials, overbroad activation increases the chance of unintended account actions or data submission.

Missing User Warnings

High
Confidence
99% confidence
Finding
The markdown tells users to send their JWT to a Telegram bot without any meaningful security warning, despite the token being an active bearer credential. This normalizes unsafe credential sharing and can directly expose the user's marketplace account, orders, messages, and payment-related actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The examples print the API key and instruct saving it permanently, while also deriving a JWT from it, but they do not include secure-storage guidance or warnings against logging and exposing secrets. This encourages unsafe credential handling practices that can lead to long-term account compromise if the key is stored in plaintext, chat history, or logs.

Ssd 3

Medium
Confidence
99% confidence
Finding
This line directly encourages sharing a live authentication token with a third-party bot. Because bearer tokens usually grant whoever holds them the same access as the user, this is a straightforward credential-exposure issue with immediate abuse potential.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal