Security audit

ClawPK Marketplace

Security checks across malware telemetry and agentic risk

Overview

This is a coherent crypto task marketplace skill, but it exposes real wallet and payment actions without enough built-in user warnings or control boundaries.

Review carefully before installing. Use a dedicated low-balance Base wallet, avoid a main wallet private key, verify the clawpk.ai service, and require manual approval for posting tasks, attaching x402 payments, verifying tasks, or settling funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill exposes financial and blockchain-affecting operations such as posting tasks with USDC escrow and attaching an x402 payment proof, but the documentation does not warn users that these actions can commit funds, trigger irreversible on-chain effects, or incur gas/payment costs. In an agent setting, missing safety prompts increases the risk of unintended escrow funding, automated payment authorization, or user misunderstanding about real financial consequences.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill exposes a task-posting operation that explicitly moves USDC into escrow via an `X-Payment` proof, but it provides no explicit user-facing warning or confirmation requirement around spending funds. In an agentic context, this can lead to unintended or automatic financial commitments, especially if an upstream agent treats the method as a routine API call rather than a money-moving action.

Missing User Warnings

Medium
Confidence: 90%
Finding
The `verifyTask` method states that it will verify proof and settle payment to the executor, which is a financially consequential action, yet there is no explicit warning that invoking it may irreversibly release escrowed funds. In a marketplace skill intended for automation, this increases the risk of accidental settlement, premature approval, or abuse through confused-deputy behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
