House Auction

Security checks across malware telemetry and agentic risk

Overview

This skill is a real auction integration, but it gives an agent authority to use a funded crypto bot wallet for live bids and auction creation with weak built-in guardrails.

Install only if you are comfortable letting an agent operate a funded House bot wallet. Keep wallet balances low, avoid broad auto-bid rules, set explicit token, auction, max-spend, and time limits, require manual confirmation for valuable bids or auction creation, and keep AUCTION_HOUSE_URL unset unless you deliberately trust an alternate endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill requires an API key and networked access to a live auction platform, yet the manifest does not clearly declare corresponding permissions. This reduces transparency for users and reviewers, making it easier for a skill with financial capabilities to access external services and sensitive configuration without adequate scrutiny.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The top-level description says the skill scouts, monitors, and bids, but the documented tools also allow creating auctions, inspecting the user's own auctions and bids, and retrieving wallet balances and addresses. This mismatch can mislead users about the scope of actions and data access, which is especially dangerous in a crypto context where tools can trigger financial loss or expose sensitive account information.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest description omits that the skill can create auctions on the user's behalf, a transactional action materially different from passive scouting or monitoring. Users may enable the skill expecting alerts and bidding assistance without realizing it can post listings tied to their account.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill description says it scouts, monitors, and bids on auctions, but the code also exposes createAuction(), which enables listing assets for sale. This expands the skill’s authority beyond the stated purpose and can cause unintended asset listing or social-engineering risk if an agent or user assumes the skill is read/bid-only.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Including seller-side auction creation in a skill marketed for scouting/monitoring/bidding violates least privilege and increases the available attack surface. In a crypto auction context, undisclosed write capabilities are more dangerous because they can trigger on-chain or account-affecting actions the user did not expect this skill to perform.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill metadata says it scouts, monitors, and bids on auctions, but the code also exposes a create_auction tool that can initiate new on-chain listings. This scope mismatch is security-relevant because users or orchestrators may grant the skill permissions based on the narrower description, leading to unexpected fund usage, asset listing, or reputational harm.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The package description states it can 'create auctions and place bids,' while the declared skill scope only covers scouting, monitoring, and bidding. This scope expansion is security-relevant because it implies the installed capability may perform asset-affecting on-chain actions beyond what users or policy reviewers expect, increasing the risk of unauthorized auction creation or deceptive consent boundaries.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill metadata says it should scout, monitor, and bid on auctions, but this client also exposes auction creation. That expands the skill's authority beyond the declared purpose, increasing the chance of unintended or unauthorized asset-listing actions if higher-level prompts or tool wiring invoke it.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises tools that create on-chain auctions and place bids, but it does not clearly warn that these actions can spend real funds, incur gas fees, and may be irreversible once submitted to the blockchain. In an agent/MCP context, this is more dangerous because users may enable the skill for autonomous or semi-autonomous operation, increasing the chance of unintended financial transactions from ambiguous prompts or user misunderstanding.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill instructs persistent preference learning, proactive scouting, and ongoing monitoring of the user's bids and interests without a clear privacy notice or retention boundary. That can lead to silent collection and continued use of behavioral and financial preference data beyond what a user reasonably expects.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill supports placing bids and autonomous auto-bidding from a funded wallet but does not present a prominent warning about financial risk, token spend, gas costs, and the practical irreversibility of on-chain actions. In a crypto auction setting, missing disclosures can cause users to authorize automation without understanding they may incur immediate losses or binding commitments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The place_bid tool performs a safety-critical financial action immediately after parameter validation, with no execution-time confirmation, preview, or secondary acknowledgement. In an agent setting, prompt injection, misunderstanding, or ambiguous user intent could cause irreversible on-chain bids and direct token loss from the bot wallet.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The create_auction tool submits a live on-chain transaction without any execution-time warning or confirmation, despite creating public listings and committing wallet funds for gas. In this auction skill context, that is especially dangerous because the action is financially consequential, externally visible, and can be triggered by mistaken or manipulated agent behavior.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill exposes live financial actions that can create on-chain commitments and spend assets through `create_auction` and `place_bid` with no built-in confirmation, risk acknowledgment, or secondary approval step. In an agent setting, a prompt injection, misunderstanding, or overly eager automation could cause irreversible blockchain transactions, making the lack of an explicit confirmation barrier materially dangerous.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- **All bids are in the auction's token.** If an auction accepts USDC, bids are in USDC. If it accepts WETH, bids are in WETH. The token is shown in auction details.
- **Bot wallet must be funded.** The user has a bot wallet that holds tokens for bidding and ETH for gas. Use `wallet_info` to check balances. If funds are low, tell the user to top up.
- **Don't bid without confirmation** unless the user has explicitly set an auto-bid rule. Always confirm first.

Confidence
90% confidence
Finding
without confirmation

VirusTotal

56/56 vendors flagged this skill as clean.
