ClawPay Escrow

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real Solana escrow helper, but it asks agents to locate and use wallet key files for real payments with broad activation and an unpinned payment SDK.

Install only if you intentionally want an agent to manage Solana escrow payments. Use a dedicated low-balance wallet, set `SOLANA_KEYPAIR_PATH` to one explicit keypair file, verify or pin the `clawpay` package, and require confirmation of the wallet, network, recipient public key, amount, fees, and escrow address before any transaction is signed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill description is broad enough to activate on generic payment-related requests, including actions like paying agents or buying services, which can lead an agent to invoke a high-risk financial skill in contexts where the user did not explicitly request escrowed on-chain payment. Because this skill can move funds and interact with blockchain accounts, over-broad triggering increases the chance of unintended financial actions or unnecessary exposure to wallet material.

Missing User Warnings

Medium
Confidence: 98%
Finding
The setup instructions tell the agent to search common filesystem locations for a Solana wallet keypair, which encourages access to highly sensitive credentials without an explicit user-consent step. In a financial skill, this is especially dangerous because a discovered private key could enable unauthorized transactions, wallet compromise, or disclosure of secret material.

VirusTotal

58/58 vendors flagged this skill as clean.