Numinous Tools

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate Numinous forecasting integration, but it can spend credits or USDC and uses sensitive API or wallet credentials.

Install only if you trust Numinous with the forecast questions, market identifiers, and credentials you provide. Prefer a dedicated API key, use a low-balance wallet for x402 payments, keep secrets out of committed files and logs, and treat any miner code fetched from public endpoints as untrusted content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill explicitly instructs the agent to read environment variables containing API keys and private keys and to make outbound network requests, yet the skill metadata declares no permissions. This creates a trust and policy-bypass risk: a host may expose the skill to sensitive credentials or allow network egress without an explicit consent boundary, increasing the chance of secret misuse or unintended external calls.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding:
The script's behavior materially exceeds a read-oriented forecasting/data-access description by creating remote prediction jobs and consuming credits per invocation. In an agent-skill setting, this can cause unintended paid actions, external side effects, and user surprise if the orchestrator or user expects passive data retrieval only.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding:
The script sends user-provided market identifiers or free-text questions to an external Numinous API, but gives no explicit warning that the input will leave the local environment. This is a real privacy/transparency issue because users may paste sensitive or proprietary questions assuming local processing, especially in an agent-skill context where network calls may be less obvious.

VirusTotal

No VirusTotal findings
