Usage Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill clearly advertises billing features, but it ships real payment authority in the code and can trigger charges without enough safeguards.

Review carefully before installing. Only use this if you trust the publisher and SkillPay.me, and do not use it for real billing until the embedded key is removed and rotated, credentials are explicitly configured by the installer, and every charge has clear user confirmation, limits, and auditability.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill goes beyond passive usage tracking and performs real external billing actions, including charging accounts, querying balances, and generating payment links. In an agent-skill context, exposing financial operations through simple text commands creates a strong risk of unauthorized or accidental monetary actions, especially since there is no authentication, confirmation step, or scope restriction tied to the stated purpose.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The code exposes direct account payment capabilities through commands like charge, balance, and recharge, which are not justified by a basic usage-tracker role. Because any caller able to invoke the skill can trigger these operations against the configured billing backend, the skill materially expands financial attack surface and enables abuse of stored payment authority.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill loads a billing API key and even includes a hardcoded fallback secret in source code. Hardcoded or broadly accessible billing credentials can be extracted from code, logs, or package distribution and then used to issue unauthorized payment requests against the external service.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README promotes personal usage tracking, system-wide statistics, and billing-related features, but does not disclose what data is collected, who can access it, how long it is retained, or how payment-linked records are handled. In a usage-tracking and billing skill, this omission can lead users or operators to collect personal and operational data without informed consent or proper safeguards, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 88%
Finding
Advertising CSV/JSON export of usage data without warning about sensitive contents can expose personal identifiers, behavior patterns, billing metadata, or team activity if exported insecurely or shared broadly. Because the skill is explicitly designed to track usage and payments, export functionality materially increases the chance of data leakage unless users are warned and protective controls are documented.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises billing, blockchain settlement, and data export, but does not clearly warn users about when charges occur, possible network/gas fees, or the privacy implications of exporting usage records. In a billing context, insufficient disclosure can lead to uninformed consent, surprise charges, and accidental exposure of user or team activity data.

Missing User Warnings

High
Confidence: 98%
Finding
The skill transmits user identifiers and payment amounts to an external billing service and can initiate charges without any confirmation, consent flow, or warning. In an agent environment, users may not realize that a natural-language command immediately causes a real financial API call, making accidental charges and privacy exposure likely.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill accesses a sensitive billing credential without clear disclosure to users and then uses it to authorize real payment-related API requests. Lack of transparency around credential use increases trust and governance risk, particularly in a tool presented as usage tracking rather than as a payment executor.

VirusTotal

66/66 vendors flagged this skill as clean.
