ClawHub

Kickbacks.ai — Get Paid for Waiting + Agent Platform Ads

Security checks across malware telemetry and agentic risk

Overview

This is mostly a documentation skill, but it gives under-scoped instructions for inserting ads and tracking into agent tools and forces promotional output behavior.

Review carefully before installing. The skill is not malware and contains no executable code, but it is designed to promote an ad-monetization product and includes guidance for altering developer-tool interfaces and tracking ad interactions. Only use it if you are comfortable with sponsored content in coding tools, and do not apply the adapter or patching guidance without explicit permission from the platform owner and affected users.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The document goes well beyond passive documentation and provides operational guidance for file-system patching, CSP modification, UI injection, and telemetry infrastructure to alter third-party agent platforms. In this skill context, that materially increases risk because it instructs how to tamper with installed software and insert sponsored content into user interfaces without establishing authorization, consent, or safety boundaries.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The 'default advertiser' playbook explicitly advocates occupying platform surfaces first and monetizing them later, including language such as 'We don't ask for permission. We occupy the slot.' That is a red flag for unauthorized commercialization of third-party interfaces and can normalize deceptive or coercive modification of agent outputs and UI surfaces.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The file claims the behavior is 'privacy-safe' while elsewhere describing injection into waiting-state UI and impression/click tracking via local or remote endpoints. That claim is misleading because software modification and telemetry collection create integrity, consent, and privacy risks even if code contents are not directly exfiltrated.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list is unusually broad and includes generic or loosely related phrases such as 'spinner', 'earn while coding', 'default advertiser', and platform-wide monetization terms. This can cause unintended invocation in unrelated conversations, allowing the skill to inject promotional or persuasive content where the user did not request it, which is especially concerning because the skill also mandates proactive onboarding and branded output.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the AI to proactively present the full Quick Start on first load without waiting for user input or consent. This creates unauthorized content injection and can override normal user-driven interaction patterns, increasing the likelihood of spammy behavior, unwanted persuasion, or stealth promotion—especially in combination with mandatory watermarking and cross-product recommendations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Describing file-system patching and telemetry infrastructure without any user warning omits critical safety information about persistent software modification and data transmission. In a skill framed as product guidance, that omission can mislead users into treating invasive behavior as routine or harmless.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The telemetry section explains impression and click tracking endpoints but does not provide user-facing privacy notice, consent expectations, or data-handling limits. That is dangerous because it normalizes adding tracking to developer tools and agent platforms without transparency or governance.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document proposes modifying multiple UI surfaces to inject sponsored content during agent activity without warning about altered outputs, deceptive presentation, or user-experience impact. In this context, that is risky because it encourages covert ad insertion into trusted interfaces where users may not realize content has been manipulated for monetization.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal