Proposal Copilot

Security checks across malware telemetry and agentic risk

Overview

The skill is mainly a proposal-writing helper, but it includes under-scoped external billing code with a hardcoded API key and unclear charge controls.

Review this before installing. The proposal-writing features are ordinary, but the billing implementation should be fixed first: remove the hardcoded API key, use a platform-managed billing mechanism, clearly disclose what data is sent to SkillPay, add explicit confirmation before any charge, and repair the broken command/runtime logic.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares no permissions, yet the documented behavior includes network-based billing via an external service. Hidden or undeclared network capability is security-relevant because it can transmit user inputs, metadata, or billing identifiers off-platform without clear consent or enforcement boundaries. In a proposal-writing skill, external network access is not inherently required for core text generation, so this increases concern rather than being contextually justified.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented as a content-generation assistant but also performs external billing operations, reportedly using a hardcoded API key and returning payment-related fields. This is a serious description-behavior mismatch because users and reviewers may not expect financial processing or data transfer, and hardcoded credentials create additional risk of secret leakage and unauthorized API use. The mismatch is more dangerous here because the billing behavior is embedded in an otherwise innocuous writing tool, making it easier to conceal unexpected external actions.

Description-Behavior Mismatch

Medium
Confidence
99% confidence
Finding
The skill hardcodes an external billing endpoint and API key, and implements network access to a third-party billing service even though the manifest description only describes proposal-generation features. This is dangerous because it introduces undisclosed data egress and a hidden monetization path, which undermines user consent and expands the attack surface beyond what users or reviewers would expect.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The inline comments claim certain operations are paid, but the code does not actually enforce billing before returning results. Security-relevant mismatches between documented and actual behavior are dangerous because they mislead users and reviewers about monetization, consent, and control flow, making it easier to hide abusive behavior or later add unauthorized charging logic unnoticed.

Intent-Code Divergence

Low
Confidence
97% confidence
Finding
The help text says scoring is a paid feature, but the scoring branch returns results without any payment logic. While not directly exploitable for code execution, this is still a security and trust issue because misleading monetization claims obscure the true behavior of the skill and can mask future unauthorized charges or deceptive upsell patterns.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The billing call transmits a user identifier to an external service, and there is no visible disclosure, consent flow, or minimization in the code. Sending identifiers to a third party without transparency is dangerous because it creates privacy risk, enables cross-service tracking, and may violate platform or regulatory requirements if users are unaware of the data sharing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code and help text describe billing and paid operations inconsistently, so users are not clearly warned about when charge-related behavior may occur. This ambiguity is dangerous because users cannot make informed decisions about invoking features, and ambiguous payment flows are a common precursor to deceptive charging or hidden data-sharing behavior.

VirusTotal

65/65 vendors flagged this skill as clean.