Anthropic Usage

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it handles an organization Admin API key, and one script error path tells users to paste that key into chat. That needs review before installation.

Install only if you intend to grant this skill access to Anthropic organization usage data. Use the OpenClaw API key field or a direct config entry; do not paste an Admin API key into chat. Expect calls to api.anthropic.com plus a possible fetch from anthropic.com/pricing for cost estimates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill clearly uses shell execution and network access, but the manifest does not declare permissions or equivalent capability requirements. This weakens policy enforcement and user transparency, making it easier for a seemingly simple reporting skill to perform actions the platform or user did not explicitly approve.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding: The manifest says the skill queries Anthropic Admin API usage reports, but the instructions also direct the agent to fetch live pricing data from anthropic.com and calculate costs. This is a scope expansion beyond the declared purpose, which can surprise users and bypass least-privilege expectations even if the extra fetch is to a related domain.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding: The script explicitly tells users they can paste an Anthropic Admin API key into chat so the agent can store it automatically. Encouraging entry of a high-privilege credential into conversational channels materially increases the risk of credential exposure through logs, prompt history, model processing, agent integrations, or unintended persistence outside a dedicated secret store.

Missing User Warnings

Low
Confidence: 84%
Finding: The skill instructs the agent to make an external request to anthropic.com/pricing without clearly warning the user at runtime that another network call will occur. Even though the destination is related to the declared vendor, silent outbound requests reduce transparency and can expose usage context or normalize hidden network behavior in other skills.

Natural-Language Policy Violations

High
Confidence: 99%
Finding: Telling users to paste an admin key into chat is a direct secret-handling anti-pattern. Because this skill uses an Admin API key, compromise could expose organization-wide usage visibility and potentially enable broader administrative abuse depending on the key's scope and surrounding platform behavior.

Ssd 3

High
Confidence: 99%
Finding: The skill normalizes sending a privileged secret through chat so the agent can persist it automatically, which creates unnecessary exposure of an admin credential. In the context of a usage-reporting skill, this behavior is not required for functionality and expands the attack surface to chat retention, telemetry, and downstream tooling that may process message contents.

VirusTotal

57/57 vendors flagged this skill as clean.
