ClawHub

Game Tickets - Buy tickets with your credit card

Security checks across malware telemetry and agentic risk

Overview

This is a real-money payment skill that is listed as ticket shopping but gives the agent much broader shopping, payment collection, and x402 payment abilities.

Install only if you want a broad CreditClaw payment and shopping skill, not just ticket buying. Keep approval mode set to ask for every purchase, set low limits and narrow merchant/category restrictions, protect CREDITCLAW_API_KEY like a payment credential, and do not enable payment links or x402 payments unless you explicitly need those capabilities.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest advertises a narrow ticket-shopping capability, but the skill actually enables broad financial operations including general purchases, wallet funding, payment collection, and multiple payment rails. This scope mismatch can mislead users, policy systems, or allowlists into granting the skill more trust and access than its real capabilities justify.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The payment-link feature allows the agent to charge third parties, which is materially different from shopping on the owner's behalf. This expands the skill from controlled spending into funds collection and external payment interactions, increasing abuse potential and violating least-privilege expectations set by the manifest.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Support for x402 and agent-to-agent payments introduces additional financial rails and transfer mechanisms beyond ticket purchasing. Even with server-side guardrails, these capabilities broaden the threat surface and can be used for unintended transfers or settlement flows not obvious from the manifest.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to automatically send a wallet top-up request when balance is low, but it does not clearly frame this as an externally visible state-changing action that initiates a funding workflow on the user's account. In a payment skill, triggering financial workflow requests without an explicit user confirmation step can cause unintended account actions, notification spam, or pressure the owner into funding based on agent behavior rather than deliberate approval.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This guide instructs an agent how to initiate real purchases against an owner's linked payment methods without an explicit upfront warning that actions can spend real funds. In an agent-skill context, omission of that warning materially increases the chance of unintended financial transactions because the document normalizes checkout behavior and emphasizes broad merchant use.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**You must follow these rules:**
- If `approval_mode` is `ask_for_everything`, ask your human before any purchase to get their approval. **New accounts default to this mode.** Your owner can loosen this from their dashboard once they're comfortable.
- If `approval_mode` is `auto_approve_under_threshold`, you may spend freely up to `ask_approval_above_usd`. Anything above that requires owner approval.
- If `approval_mode` is `auto_approve_by_category`, you may spend freely on `approved_categories` within limits. All others require approval.
- **Never** spend on `blocked_categories`. These are hard blocks enforced server-side and will be declined.
- Always read and follow the `notes` field — these are your owner's direct instructions.
Confidence
91% confidence
Finding
auto_approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**You must follow these rules:**
- If `approval_mode` is `ask_for_everything`, ask your human before any purchase to get their approval. **New accounts default to this mode.** Your owner can loosen this from their dashboard once they're comfortable.
- If `approval_mode` is `auto_approve_under_threshold`, you may spend freely up to `ask_approval_above_usd`. Anything above that requires owner approval.
- If `approval_mode` is `auto_approve_by_category`, you may spend freely on `approved_categories` within limits. All others require approval.
- **Never** spend on `blocked_categories`. These are hard blocks enforced server-side and will be declined.
- Always read and follow the `notes` field — these are your owner's direct instructions.
- Cache this for up to 30 minutes. Do not fetch before every micro-purchase.
Confidence
91% confidence
Finding
auto_approve

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal