PayLock SOL Escrow

Security checks across malware telemetry and agentic risk

Overview

PayLock appears to be a real escrow helper, but it needs review because its money-handling model and token handling are inconsistently disclosed.

Review before installing. Use only a PayLock endpoint you trust, assume the production flow may be custodial unless clarified by the publisher, avoid passing tokens via the unified CLI flags, and require explicit human approval before creating, funding, verifying, or releasing any escrowed funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes use of environment variables for authentication tokens and a networked API endpoint, but no explicit permissions declaration is present. In an agent ecosystem, undeclared env and network access can cause users or orchestrators to authorize a skill without understanding it can read secrets and perform remote financial actions.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest markets the skill as 'Non-custodial SOL escrow,' but the architecture section states that v1 production is a REST API with custodial escrow. This mismatch can mislead users into trusting the system with funds under false assumptions about custody, trust boundaries, and failure modes, which is especially dangerous in a financial workflow.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow and safety text describe funding, verification, and a 48-hour auto-release mechanism, but do not present a prominent warning that these actions can irreversibly move or release user assets. In a chat-driven agent setting, lack of explicit transactional risk disclosure increases the chance that an agent or user triggers escrow operations without informed consent or awareness of timeout-based fund release.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This script collects sensitive contract metadata and both parties' wallet addresses, then immediately sends them to a remote API endpoint, optionally to a user-supplied base URL, without any explicit notice, confirmation, or trust validation in this file. In an agent setting, that increases the risk of silent data exfiltration, misrouting to an attacker-controlled endpoint, or users disclosing financial/payment details without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.
