Balance Checker

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: check AI provider account balances using configured local credentials, with no evidence of hidden exfiltration, destructive behavior, or persistence.

Install this only if you are comfortable letting it use the listed provider API keys to read billing balance information. Configure only the providers you actually use, prefer billing-read-only or least-privilege keys where available, and review the optional Volcengine setup because it installs an unpinned Python SDK and may need minor fixing before it runs cleanly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding
The skill documentation instructs users to configure multiple API credentials in environment variables and to run shell scripts, but the skill manifest shown does not declare any permissions. This creates a transparency and least-privilege problem: the skill clearly needs access to env, file/config data, and shell execution, yet users are not explicitly informed through declared permissions, increasing the risk of unexpected secret access or command execution.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases described in the README are very broad, natural-language expressions such as '查余额' and '余额多少', which are likely to appear in ordinary conversation. In an agent environment with automatic skill invocation, this can cause unintended activation and unnecessary use of stored API credentials, potentially exposing billing information or causing network requests the user did not explicitly intend.

Vague Triggers

Medium
Confidence: 78%
Finding
The trigger phrases are generic everyday language such as '查余额' and '余额多少', which may appear in normal conversation unrelated to this specific skill. That can cause accidental auto-triggering, leading the agent to access configured credentials and perform external balance queries without the user clearly intending to invoke this skill.

VirusTotal

66/66 vendors flagged this skill as clean.
