ClawHub

JPMorgan Claw - Give your Claw Agent spending powers

Security checks across malware telemetry and agentic risk

Overview

This is a CreditClaw payment skill presented with JPMorgan-like branding while enabling real agent spending, so it should be reviewed carefully before use.

Install only if you intend to connect an agent to CreditClaw for real spending. Do not assume it is official JPMorgan software unless the publisher proves that relationship. Use a dedicated low-balance wallet, require human approval for purchases and top-ups, set strict spending/category/domain limits, and protect CREDITCLAW_API_KEY like a payment credential.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Low
Confidence
91% confidence
Finding
The file identifies the skill as "creditclaw" while the provided manifest context names it "jpmorgan", creating a material identity mismatch in a finance-related integration. In a skill that handles banking, spending, and wallets, this can mislead reviewers and users about who operates the API endpoint and where credentials are sent, increasing supply-chain, phishing, and trust-boundary risks.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill instructs authenticated API use with a bearer token but provides no guidance to protect the `CREDITCLAW_API_KEY` from logs, shell history, prompt leakage, or reuse in untrusted contexts. In an agent setting, this increases the chance that a credential is exposed while performing routine status checks against a financial service.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill directs the agent to send a top-up request tied to user funds as part of a periodic heartbeat, without a strong warning that this is an external state-changing action. Even if it is only a request and not a direct transfer, it can trigger financial workflow changes, spam requests, or unintended user actions if run automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal