Talentir HumanPay

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Talentir payment skill, but it gives an agent money-moving and webhook-changing powers without enough built-in approval guidance.

Install only if you intentionally want an agent to operate Talentir payments. Use a dedicated low-limit API key, avoid auto-approval permission unless required, confirm every payout and webhook change manually, verify webhook URLs are yours, and monitor or revoke the key if behavior is unexpected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (91% confidence)

Finding: The skill is presented as a payout tool, but the documentation also exposes team metadata access and full webhook management. This scope expansion increases the blast radius beyond the stated purpose, enabling persistence, outbound notification changes, or account reconnaissance if an agent is granted the skill without understanding the extra capabilities.

Context-Inappropriate Capability

Medium (94% confidence)

Finding: Webhook creation and deletion are materially different from sending payouts and can be abused to establish unauthorized data exfiltration channels or disable legitimate monitoring. In an agent setting, these side capabilities are dangerous because they let the skill alter integrations and persistence surfaces under the same API credential.

Missing User Warnings

Medium (96% confidence)

Finding: The documentation includes actions with direct financial effect (creating payouts) and destructive configuration effect (deleting webhooks) but does not instruct the agent or user to obtain explicit confirmation before execution. In autonomous contexts, that omission can lead to unauthorized spending, accidental transfers, or deletion of operational integrations.

VirusTotal

66/66 vendors flagged this skill as clean.
