x402 Compute

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for x402 compute management, but it deserves review because it combines wallet/payment authority, cloud-instance mutation, background node operation, and several under-scoped installation or command paths.

Install only if you are comfortable letting an agent manage paid compute and wallet-backed payments. Use a dedicated low-balance wallet, pin and review dependencies, avoid the generic OWS pass-through unless you intend broad wallet CLI access, inspect remote installers before execution, prefer SSH keys over password fallback, and confirm instance IDs and costs before provision, extend, resize, or destroy actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The generic `run` subcommand forwards arbitrary user-supplied arguments directly to the OWS CLI, effectively turning a purpose-built compute wrapper into a broad wallet-management command proxy. In the context of a compute skill that can interact with wallets and API keys, this expands capability beyond intended operations and can enable unauthorized wallet actions, sensitive data access, or creation/modification of credentials if an agent or prompt is manipulated.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents instance destruction with no explicit warning that the operation is irreversible and may permanently delete workloads, disks, and data. In an agentic context, that omission increases the risk of accidental destructive actions being carried out without adequate user confirmation.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The API documents retrieval of a one-time root password but does not prominently warn that this returns highly sensitive credentials that must be handled carefully. In an agent context, such secrets may be logged, surfaced to users, stored in traces, or reused insecurely, increasing the chance of credential disclosure and full instance compromise.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document instructs operators to execute a remote installer directly via a shell pipe, which removes any opportunity to inspect, verify, or pin the downloaded code before execution. In an agent-runnable skill for provisioning node software, this is especially dangerous because it normalizes immediate host-level execution of network-fetched code on a machine that may also hold wallet material, staking credentials, or service secrets.

Unpinned Dependencies

Low
Category
Supply Chain
Content
eth-account>=0.8.0
web3>=6.0.0
requests>=2.28.0
python-dotenv>=1.0.0
Confidence
94% confidence
Finding
eth-account>=0.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
eth-account>=0.8.0
web3>=6.0.0
requests>=2.28.0
python-dotenv>=1.0.0
solders>=0.20.0
Confidence
94% confidence
Finding
web3>=6.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
eth-account>=0.8.0
web3>=6.0.0
requests>=2.28.0
python-dotenv>=1.0.0
solders>=0.20.0
Confidence
97% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
eth-account>=0.8.0
web3>=6.0.0
requests>=2.28.0
python-dotenv>=1.0.0
solders>=0.20.0
Confidence
90% confidence
Finding
python-dotenv>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
web3>=6.0.0
requests>=2.28.0
python-dotenv>=1.0.0
solders>=0.20.0
Confidence
90% confidence
Finding
solders>=0.20.0

Known Vulnerable Dependency: eth-account — 1 advisory(ies): CVE-2022-1930 (Regular expression denial of service in eth-account)

Low
Category
Supply Chain
Confidence
79% confidence
Finding
eth-account

Known Vulnerable Dependency: web3 — 1 advisory(ies): CVE-2026-40072 (web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling)

Low
Category
Supply Chain
Confidence
77% confidence
Finding
web3

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
73% confidence
Finding
python-dotenv

VirusTotal

64/64 vendors flagged this skill as clean.