Verifiable Data

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed helper for Cryptowerk proof workflows; the main caution is that it creates and stores sensitive service credentials.

Install only if you intend to use Cryptowerk proof APIs. Store the issued apiKey/apiCredential token in a private secret location, never commit or log it, and do not let an agent automatically complete any x402 paid retry unless you explicitly approve the payment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly enables shell execution plus file read/write behavior, but it does not declare explicit permissions or equivalent capability boundaries in the skill metadata. That mismatch makes the skill harder to review and sandbox correctly, increasing the chance that operators invoke it without understanding that it handles credentials and writes local artifacts.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The notes explicitly describe a paid x402 challenge/retry flow for obtaining service credentials, which conflicts with the skill metadata claim that the skill does not execute purchases. Even as documentation, this can cause an agent or operator to initiate an unintended paid transaction path and weakens trust boundaries around billing-related actions.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script makes a POST request to an endpoint named issue-key and extracts newly issued apiKey/apiCredential values, which is inconsistent with the skill description stating it only obtains existing service credentials and avoids unrelated account actions. Creating fresh service credentials is a sensitive account-affecting action that can expand access, bypass intended provisioning controls, and surprise users or operators who expected read-only credential retrieval behavior.

Missing User Warnings

Low
Confidence
74% confidence
Finding
The notes state that scripts require the CRYPTOWERK_X_API_KEY environment variable but provide no guidance on safe secret handling. In agent and shell-based workflows, this increases the chance of credentials being echoed, logged, persisted in shell history, or exposed through debug output and sidecar artifacts.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document explicitly recommends saving issued service credentials to a local file, but it does not clearly warn that these values are sensitive secrets or give concrete handling guidance beyond generic permission restriction. In a skill centered on credentialed API access, this can lead users to persist long-lived secrets in plaintext sidecar locations, increasing the chance of accidental disclosure through backups, sync tools, logs, or repository inclusion.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script silently performs a network call that results in credential issuance and then returns the secret pair to stdout or writes it to disk, without any warning that a sensitive account action is occurring. In the context of a skill advertised as only obtaining credentials for proof workflows, this increases the chance of unreviewed secret creation, accidental disclosure in logs or pipelines, and operator misunderstanding about what the command actually does.

Session Persistence

Medium
Category
Rogue Agent
Content
- one of `shasum`, `sha256sum`, or `openssl`

Credential handling:
- `scripts/issue-key.sh` can write a fresh token to a file you choose
- runtime scripts expect `CRYPTOWERK_X_API_KEY` to contain the exact combined token value
- keep issued tokens out of watched or committed trees
- the skill uses service credentials only for the documented proof APIs
Confidence
88% confidence
Finding
write a fresh token to a file you choose - runtime scripts expect `CRYPTOWERK_X_API_KEY` to contain the exact combined token value - keep issued tokens out of watched or committed trees - the skill us

VirusTotal

VirusTotal findings are pending for this skill version.