Pg Status

Security checks across malware telemetry and agentic risk

Overview

This looks like a ProxyGate status helper, but it bundles broad command guidance for fund movement, proxy requests, listing administration, tunnels, and job actions that go beyond status checks.

Install only if you want an agent to help with ProxyGate account status and you are prepared to supervise it closely. Treat this as review-worthy: allow read-only commands such as balance, usage, settlements, listings list/docs, and jobs list/get, but do not allow deposit, withdraw, proxy, listing mutation, key rotation, tunnel, job lifecycle, logout, or skill-install commands unless you explicitly requested that exact action and confirmed the consequences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

High
Confidence: 95%
Finding
The skill is explicitly described as a status-checking capability, but the bundled command reference exposes authentication, fund movement, arbitrary proxying, listing management, tunnels, and jobs. In an agent setting, this scope expansion materially increases the chance the agent will invoke high-risk commands outside the user's expected intent, making the documentation itself a dangerous capability surface.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Arbitrary proxy request capability is not justified by a status-checking skill and can be used to send network requests to external services, incur charges, access sensitive APIs, or perform unintended actions. Because the skill encourages use whenever a user asks for balance or status, the mismatch makes accidental or adversarial misuse more likely.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
Deposit, withdraw, keypair, and transaction-confirmation commands enable direct movement of funds and wallet operations, which are far outside a status-only use case. In an agent workflow, exposing these commands creates a clear path for unauthorized withdrawals, costly mistakes, or social-engineering-triggered financial loss.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
Listing management, job marketplace actions, tunnels, and development commands allow persistent configuration changes, service exposure, and transactional actions unrelated to viewing status. Their presence broadens the attack surface and may cause the agent to perform operational changes when the user only expected passive inspection.

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description explicitly instructs broad auto-use on common phrases like "check balance," "my usage," and "what's my balance," which can easily appear in ordinary conversation and trigger the skill when the user did not intend ProxyGate-specific actions. This increases the chance of incorrect skill routing, unintended disclosure of account status, or confusing execution in contexts unrelated to ProxyGate.

Missing User Warnings

Medium
Confidence: 91%
Finding
Withdraw and related externally impactful wallet commands are documented without strong warnings about irreversible financial consequences, prerequisites, and confirmation expectations. In a tool-using agent, absence of clear warnings increases the likelihood of unsafe autonomous execution or user misunderstanding around live fund transfers.

Missing User Warnings

Medium
Confidence: 93%
Finding
Permanent deletion of listings is a destructive action, yet the reference provides no visible warning about irreversibility, downstream business impact, or recovery limitations. This is dangerous in an agent context because a mistaken invocation could disrupt service availability and seller operations.

Missing User Warnings

Medium
Confidence: 90%
Finding
Commands that send proxy traffic or expose services to networks can leak data, trigger external side effects, and incur usage costs, but the reference lacks clear warnings about privacy, billing, and network exposure. In a status-oriented skill, this omission is especially risky because users would not reasonably expect such behavior from the advertised purpose.

VirusTotal

66/66 vendors flagged this skill as clean.
