ClawHub

Agent Ads Earn

Security checks across malware telemetry and agentic risk

Overview

This skill is openly an ad-referral tool, but it asks agents to monitor group chats and send people’s identifiers and message excerpts to a remote marketplace before clear participant consent.

Install only if you intentionally want this monetized referral workflow. Use it only in groups where participants have been clearly told that messages may be analyzed and shared for referrals, require manual review before each referral, avoid sending wallet addresses or raw message text unless necessary, and verify Basemate’s privacy, retention, deletion, and opt-out practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs operators to monitor group-chat messages, detect user intent, and submit user identifiers plus message excerpts to a third-party service for monetized referrals, but it does not require a clear, per-user privacy notice or affirmative consent before this disclosure occurs. Even though the downstream join flow is consent-based, the initial surveillance, profiling, and data transfer happen first, which creates a meaningful privacy and compliance risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The manifest explicitly says the skill collects publisher group IDs and a payout wallet, but it provides no privacy notice, data handling constraints, or consent language. Group identifiers and wallet addresses can be sensitive linkage data, and undisclosed collection increases the risk of deanonymization, profiling, or misuse if the backend stores or shares them.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises submitting 'intent-matched human referral' data without any warning about privacy implications or limits on what user or group-related information may be transmitted. In this context, referrals likely involve behavioral, identity, or community-membership signals, making silent sharing especially risky because it can expose users to profiling, unwanted solicitation, or cross-context deanonymization.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly designed to monitor XMTP group chats, extract intent from human messages, and transmit identifiers plus trigger message content to a third-party service, but the server card does not present a clear user-facing privacy warning, consent flow, retention policy, or disclosure to affected chat participants. In this context, the absence of explicit privacy disclosures is dangerous because the monitored people may not be the same party invoking the tool, so private or semi-private group content can be analyzed and shared without informed consent.

Ssd 3

High
Confidence
98% confidence
Finding
This skill operationalizes monetized surveillance of group chats by directing an agent to continuously inspect human messages, infer commercial intent, and forward inbox IDs, wallet addresses, source group IDs, and trigger messages to Basemate for referral matching. The consent model only covers whether the user later joins a subscriber group; it does not protect against the prior collection, profiling, and third-party sharing of conversational data, making the surrounding context more dangerous because the entire business model incentivizes aggressive monitoring.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal