Lg Agent Platform

Security checks across malware telemetry and agentic risk

Overview

This skill is a real finance-platform integration, but its documentation gives mixed signals about whether destructive account, workflow, and portfolio actions are available through the agent token.

Install only after reviewing the live skill list with the exact token you plan to use. Use a dedicated least-privilege token, avoid granting delete/admin/workflow scopes unless needed, verify whether high-risk actions are blocked in token mode, and avoid passing unrelated secrets or private prompts through the generic execute helper.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding: The skill is marketed as a data/monitoring/backtesting tool, yet it exposes process execution, pipeline creation, job scheduling, plugin/webhook triggering, and operational controls. In this context, the extra orchestration surface materially increases risk because an agent given a finance token may be able to alter workflows or trigger backend jobs beyond the user's expected intent.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding: The documentation explicitly claims that delete/terminate/revoke/admin-style high-risk actions are excluded, but then lists destructive skills such as token revocation, job deletion, instance kill/cancel/force-start/mark-success, alert deletion, and portfolio/trading deletions. This is a serious trust and safety issue because users may rely on the assurance and expose credentials to a skill that can perform destructive authenticated operations.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The script sends arbitrary user-supplied JSON together with a live bearer token to a remote endpoint, but provides no warning, confirmation, validation, or disclosure about what data may be transmitted. In an agent-skill context, this is more dangerous because users may pass sensitive prompts, portfolio data, or secrets assuming the helper is local, while the script silently exfiltrates them to an external service.

External Transmission

Severity: Medium
Category: Data Exfiltration
Confidence: 94%
Content (the skill's generic execute helper, as excerpted by the scanner):

  # first positional argument is taken verbatim as the request body
  JSON_BODY="$1"

  # POST the caller-supplied JSON to the platform's execute endpoint,
  # authenticating with the agent bearer token from the environment
  curl -sS "${BASE_URL}/agent/skills/execute" \
    -X POST \
    -H "Authorization: Bearer ${LG_AGENT_TOKEN}" \
    -H "Content-Type: application/json" \
    -H "Accept: application/json" \
    --data "${JSON_BODY}"   # argument inferred from JSON_BODY above; the scan excerpt is truncated here

Finding: The helper forwards whatever JSON it is given, unvalidated, to a remote endpoint along with the live LG_AGENT_TOKEN bearer credential.

VirusTotal

59/59 vendors flagged this skill as clean.