ClawHub

x402-direct

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for using the x402.direct service directory, and its paid search behavior is disclosed and aligned with that purpose.

Install this only if you want your agent to discover x402-enabled services. Prefer the free browse, details, and stats endpoints when they are enough, and require confirmation or use a tightly limited wallet before allowing paid search calls, since each `/api/search` request can spend real USDC.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list is broad enough to activate on generic phrases like "x402 API" or "search x402," which can cause the skill to run in contexts where the user did not clearly request directory lookup or paid-service discovery. In an agent setting, overbroad activation increases the chance of unnecessary external calls and can cascade into the paid search flow, especially because this skill is tied to wallet-enabled x402 interactions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly describes that x402-aware clients may automatically handle payment for `/api/search`, but it does not clearly warn that this can spend wallet funds without an extra user confirmation step. In an autonomous or semi-autonomous agent, this omission is dangerous because a simple search action can trigger real on-chain or facilitated payment behavior, leading to unintended spending and making prompt-triggered misuse more likely.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal