PayLobster

Security checks across malware telemetry and agentic risk

Overview

PayLobster is openly a real-money payment skill, but it gives agents broad financial authority without enough safety boundaries in the artifact.

Review carefully before installing. Use a dedicated low-balance wallet or testnet first; require explicit confirmation for every transaction; verify recipient, token, amount, chain, fees, contract address, and merchant/subscription terms; keep private keys and sk_live-style secrets out of prompts, logs, shared configs, and screenshots; and confirm how to revoke spend permissions, streams, subscriptions, treasury roles, and API keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
This section presents natural-language payments, merchant charging, subscriptions, and payment links as routine operations without a prominent warning that these actions can move real funds, create recurring billing, or trigger irreversible on-chain transactions. In an agent-skill context, that omission is dangerous because an agent or operator may treat examples as low-risk automation patterns and initiate real financial actions without explicit human confirmation or understanding of consequences.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill includes examples using a raw private key from an environment variable and earlier references to live merchant secrets such as sk_live_ tokens, but does not provide strong handling guidance. In a skill intended for agent integration, this normalizes insecure credential use and increases the chance that users place sensitive secrets into prompts, configs, logs, or MCP environments where they can be exposed or misused to steal funds or create unauthorized charges.

VirusTotal

65/65 vendors flagged this skill as clean.
