Back to skill

Security audit

Clawpay

Security checks across malware telemetry and agentic risk

Overview

Clawpay is a disclosed payment-request and delivery skill whose network behavior matches its stated purpose, with practical cautions around payment details, recurring polling, and remote install steps.

Before installing or using this skill, confirm the recipient wallet address, amount, currency, pay URL, and request ID. Only deliver payloads you intend to send to Clawpay, and if using the heartbeat flow, restrict it to requests you are deliberately tracking. For local installation, prefer reviewing the downloaded files or using a pinned, verified package source when available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The instruction 'Run this on your heartbeat' is broad and does not define a constrained trigger, scope, or ownership check before polling and acting on payment requests. In an agent environment, ambiguous heartbeat hooks can cause the skill to execute automatically in unrelated contexts, leading to unintended network activity and possible unauthorized delivery actions if the agent 'picks any request_id' without strict binding to its own requests.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill advertises itself for 'any agent-to-agent or human-to-agent exchange,' which is an overly broad scope for a payment-capable skill. Broad invocation language increases the chance an agent will use it in inappropriate contexts, causing unintended payment flows, disclosure of payment links, or execution of monetized actions without sufficient policy gating.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The installation instructions fetch remote content with curl and write it directly into the user's home skill directory without any integrity verification, review step, or warning. This creates a supply-chain risk: if the remote host is compromised or the content changes, users may silently install malicious or unsafe skill files into a trusted local location.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.