Mercury Bank

Security checks across malware telemetry and agentic risk

Overview

This Mercury banking helper is coherent, but it needs review because it uses a live bank API token and can change financial records without enough safeguards.

Install only if you are authorized to operate this exact Mercury business account. Use a least-privilege Mercury token, keep the secrets file private, require manual review before any invoice/customer/payment action, and avoid feeding untrusted text into the invoice command until its argument handling is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill exposes shell-based operational capability for sensitive banking actions but does not declare permissions or constraints. In a financial context, undeclared shell access increases the chance that a caller or orchestrator invokes privileged local commands without adequate review, especially when the skill also references local secrets and money-related workflows.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior does not align with the described purpose: it appears to access additional financial endpoints and organizational/account details while also claiming support for sending money without implementing it. This mismatch is dangerous because users and higher-level agents may authorize the skill under false assumptions, leading to unintended disclosure of sensitive banking metadata or unsafe automation decisions.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad enough to activate on generic banking or accounts-receivable requests, which can route sensitive financial tasks to this skill without sufficiently precise user intent. In a banking context, overbroad activation materially raises the risk of unauthorized balance retrieval, invoice creation, or exposure of customer financial data through accidental invocation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill documentation reveals the exact secret file path, token variable name, token format, and organization identifier for a live banking integration. Even without the token value, publishing credential locations and structure lowers the barrier for secret harvesting, misuse by adjacent tooling, and accidental disclosure in logs or prompts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document instructs use of a Mercury API token for live banking access but omits any warning that the credential is highly sensitive and grants access to financial data and payment-capable endpoints. In this skill context, exposure or casual handling of the token could enable account data disclosure and unauthorized financial actions, making the omission materially risky rather than merely incomplete documentation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The reference includes state-changing financial operations such as creating invoices, creating customers, and especially sending money, but provides no explicit warning that these actions can be irreversible or financially consequential. Because this skill is specifically for a real business banking environment with known account IDs, lack of friction or warning increases the chance of accidental or manipulated fund movement.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script exposes state-changing financial operations such as invoice creation and cancellation with no confirmation, dry-run mode, or explicit safety prompt. In an agent skill context, this increases the risk of accidental or unauthorized actions being triggered from ambiguous user requests, causing operational and financial harm.

VirusTotal

65/65 vendors flagged this skill as clean.