Token Approval Checker

Security checks across malware telemetry and agentic risk

Overview

This wallet-approval skill is mostly coherent, but it exposes a billing API key and shows under-scoped paid billing behavior that users should review before use.

Install only if you trust the publisher and SkillPay billing flow. Do not use this version with real billing until the exposed API key is removed or rotated, billing consent is explicit, and the approval-checking behavior is clarified; use trusted revoke tools and verify every wallet transaction before signing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The skill embeds payment-processing logic and a hardcoded live-looking API key directly in documentation, which exposes a secret and grants functionality unrelated to merely checking token approvals. If reused by an agent or copied into production, this could enable unauthorized billing actions, balance queries, or abuse of the billing backend using user identifiers.

Description-Behavior Mismatch

Medium
Confidence: 76%
Finding
The skill claims to check approval risks and manage revocations, but the concrete implementation shown focuses on charging users and a manual revoke snippet rather than actual approval-risk analysis. This mismatch can mislead users or host agents into trusting a security function that is not implemented, creating unsafe reliance and potential financial charging without delivering the promised protective analysis.

Missing User Warnings

Medium
Confidence: 91%
Finding
The billing code transmits user identifiers to an external service, but the user-facing description only mentions price and does not clearly disclose the data sharing or external billing dependency. In a wallet-security context, undisclosed transmission of identifiers to a third party raises privacy and trust concerns and could expose users to correlation or tracking risks.

Missing User Warnings

High
Confidence: 99%
Finding
The embedded example exposes a sensitive billing API credential directly in the skill file without safeguards or warnings. Anyone with access to the skill can extract and abuse the key for unauthorized billing operations, payment-link generation, balance lookups, or service abuse, making this the most severe issue in the file.

Missing User Warnings

Medium
Confidence: 83%
Finding
The manual revoke example performs a real state-changing blockchain transaction, but the example is presented without an adjacent explicit warning that executing it will spend gas and alter wallet approvals. In a wallet-management skill, users may copy or adapt the snippet without fully understanding transaction consequences, leading to unintended on-chain actions.

VirusTotal

66/66 vendors flagged this skill as clean.
