VISA Virtual Cards | Manage compatible cards, wallets & payments

Security checks across malware telemetry and agentic risk

Overview

This is a real payments skill with disclosed financial functions, but it grants broad money-moving and public selling authority that needs careful review before use.

Install this skill only if you intentionally want an agent to handle real payments. Keep ask-for-everything approval enabled where possible, set strict spend limits and category/domain rules, and protect CREDITCLAW_API_KEY and webhook secrets. Review invoices, payment links and shops before sending or publishing them, and avoid enabling the draft Crossmint-style merchant ordering unless you are comfortable sharing shipping details and authorizing physical purchases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch
High severity, 97% confidence

Finding: The skill metadata says it is for VISA virtual card management, but the file actually instructs an agent to create checkout pages, invoices, shops, and payment links through CreditClaw. This capability mismatch is dangerous because it can mislead users and downstream policy systems into granting a payments-processing skill under the guise of a card-management skill, increasing the chance of unauthorized fund collection or deceptive behavior.

Description-Behavior Mismatch
Medium severity, 90% confidence

Finding: This document adds real-world purchasing and merchant-ordering capabilities that go beyond the stated skill scope of managing VISA virtual cards. Hidden or expanded financial functionality increases the risk of unauthorized purchases, policy bypass, and user/operator misunderstanding about what the skill can actually do.

Context-Inappropriate Capability
Medium severity, 88% confidence

Finding: The file documents end-to-end ecommerce purchasing, including handling shipping addresses, which materially expands the data sensitivity and action scope of the skill. In a financial agent context, this makes misuse more dangerous because it can trigger physical goods purchases and expose personal delivery information.

Intent-Code Divergence
Low severity, 84% confidence

Finding: The statement that this file is not listed in the skill manifest indicates undocumented functionality outside the declared interface. Undisclosed capabilities are risky because they can evade normal review, user expectations, and security controls tied to the manifest.

Missing User Warnings
Medium severity, 82% confidence

Finding: The skill explicitly collects and transmits buyer personal data such as recipient names, recipient emails, and optionally buyer names/emails, but provides no privacy notice, consent guidance, retention limits, or handling constraints. In a payment workflow, this omission raises real privacy and compliance risk because agents may process PII without clear authorization or user awareness.

Missing User Warnings
Medium severity, 86% confidence

Finding: The workflow describes sending purchase details and shipping addresses through external infrastructure without any explicit privacy or data-sharing warning. This is dangerous because agents may transmit sensitive personal and transactional data to third parties without informed consent or adequate handling expectations.

VirusTotal

64/64 vendors flagged this skill as clean.