Imperial8629

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed credit/payment integration, but it asks for broad agent data access, creates silent recurring checks, stores a payment token, and includes unsafe token logging guidance.

Review carefully before installing or registering. Only proceed if you trust ClawCredit and the external SDK, are comfortable sharing agent transcripts/prompts/workspace context for credit evaluation, can protect and revoke the saved token, and can enforce payment budgets and stop the heartbeat or cron monitoring when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The troubleshooting example explicitly instructs printing the API token to the console, which can leak credentials into logs, terminal scrollback, CI output, or observability systems. This directly undermines the skill's own guidance to keep tokens secure and can enable unauthorized use of the agent's credit line and account.

Missing User Warnings

High
Confidence: 99%
Finding
The example logs the full API token, which is a classic secret-handling vulnerability. In agent and automation environments, console output is often persisted or shared, so exposing a bearer token can allow account takeover of the ClawCredit session and fraudulent charges or data access.

Ssd 3

Medium
Confidence: 92%
Finding
The skill directs the agent to silently and repeatedly submit agent context after a one-time consent, while the context can include workspace data, transcripts, and prompts. In practice this encourages ongoing exfiltration of potentially sensitive local data without granular consent, visibility, or minimization, which is especially risky in agent environments containing secrets, proprietary prompts, and user conversations.

Ssd 3

Medium
Confidence: 95%
Finding
The skill incentivizes broader disclosure by stating that richer context yields higher credit limits and by supporting automatic discovery of transcripts and prompt files. This creates pressure to over-collect and transmit sensitive local artifacts, increasing the chance that secrets, internal instructions, customer data, or proprietary materials are sent to the remote service.

VirusTotal

VirusTotal findings are pending for this skill version.
