Agentpay

Security checks across malware telemetry and agentic risk

Overview

AgentPay is a disclosed real-payment checkout helper, but it gives agents broad purchasing and payment-tool access with incomplete scoping and network exposure guidance.

Install only if you trust the external agentpay npm package and publisher. Use a low-limit or virtual card, set strict budgets, avoid HTTP MCP unless it is local and authenticated, and review merchant, item, URL, final price, shipping details, recurrence, and cancellation terms before approving any transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description is broad enough to activate on many ordinary shopping or booking requests, while the skill can initiate real-world purchase flows. In an agent environment, overbroad routing increases the chance the skill is invoked without clear user intent, budget context, or merchant constraints, which can lead to unintended financial actions.

Missing User Warnings

Medium
Confidence: 93%
Finding
The upfront description emphasizes secure credentials but does not clearly warn that approved transactions can be automatically executed on live merchant sites. That omission can cause users or orchestrators to treat the skill like a planning or recommendation tool rather than one capable of completing binding purchases, increasing the risk of unintended spending.

Missing User Warnings

Low
Confidence: 82%
Finding
Documenting HTTP MCP mode without any exposure guidance encourages deployment of payment-capable tooling over a network surface. If bound insecurely or exposed beyond localhost, other local users, processes, or remote parties may be able to invoke purchase-related operations or access sensitive transaction metadata.

VirusTotal

66/66 vendors flagged this skill as clean.