Pay a Human

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support a real payment API, but it combines money-moving actions with webhook administration and account metadata access without enough scoping or confirmation guidance.

Install only if you trust the publisher and intend to let the agent use the Pay a Human API. Use limited-scope credentials, require explicit approval before every payout or webhook change, and review any webhook target URL carefully before allowing the agent to create or delete it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill markets itself as a narrowly scoped payout capability, but the documented API surface also includes team information access and webhook administration. This scope mismatch can mislead users and higher-level agents into granting trust or permissions under false assumptions, increasing the chance of unintended data exposure or configuration changes.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
Webhook creation and deletion are privileged configuration actions that go beyond sending payouts and can be abused to redirect event data, disrupt integrations, or establish persistence via attacker-controlled endpoints. In a payment-related skill, undocumented configuration powers materially increase risk because an agent may invoke them without the operator realizing the broader blast radius.

Context-Inappropriate Capability

Low
Confidence: 84%
Finding
Retrieving team information is not necessary for sending payouts and expands access to potentially sensitive account metadata. While lower impact than write actions, this broadens the skill's data access beyond user expectations and could aid reconnaissance for follow-on abuse.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill provides ready-to-run examples for payout creation and webhook deletion without prominent warnings or confirmation guidance for operations that move funds or alter system configuration. This increases the likelihood of accidental execution by users or autonomous agents, especially given the shell-oriented presentation.

VirusTotal

66/66 vendors flagged this skill as clean.
