ClawTip付费技能开发指南

Security checks across malware telemetry and agentic risk

Overview

This is a payment-skill development guide, but it needs Review because it recommends real-payment testing and weak payment-success checks.

Install only if you are intentionally developing ClawTip paid skills. Before running any payment command, verify the merchant/payTo value, amount, order number, skill version, and official platform payment status; do not treat an error message or a local payCredential field alone as proof that payment succeeded.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 84% confidence
Finding: The guide tells users not to call external APIs, but then instructs them to invoke another skill's payment processing script to perform a real payment. This creates a confusing and unsafe payment flow where a skill author or operator may bypass intended payment boundaries and trigger real transactions during local testing.

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The guide normalizes an error condition ('商家信息有误') and tells users to treat the presence of `payCredential` as proof of payment success. This encourages unsafe interpretation of payment state and may cause service fulfillment or operational decisions to proceed despite failed, misrouted, or inconsistent payment outcomes.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal