ClawHub

Cryptowatch

Security checks across malware telemetry and agentic risk

Overview

This Cryptowatch skill is mostly coherent, but it needs review because it exposes a broad authenticated API proxy for a crypto/trading service without clear limits or confirmation rules.

Install only if you are comfortable using Membrane as the delegated access layer for Cryptowatch. Prefer the listed prebuilt read actions, and require explicit approval before any raw proxy request, especially POST, PUT, PATCH, or DELETE or any endpoint that could affect account, trading, or billing state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill is presented as a Cryptowatch data integration, but the instructions also onboard the agent into broader Membrane platform capabilities such as connection management, action discovery, and generic request forwarding. That scope expansion can let an agent perform actions beyond the user's apparent intent and increases the attack surface from a narrow market-data skill to a more general external-integration skill.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The proxy feature allows arbitrary paths and write-capable HTTP methods through an authenticated connection, which is much broader than a market-data skill needs. Even if Cryptowatch is primarily read-oriented, a generic authenticated proxy can be abused for unintended API access, future write endpoints, or calling adjacent connector capabilities not covered by the skill's stated purpose.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal