China Payment Integration

Security checks across malware telemetry and agentic risk

Overview

The skill is a payment integration guide, but its callback examples are under-scoped enough to risk unsafe order-state changes if copied into production.

Review before installing or using in a real checkout system. Treat the callback and refund snippets as educational only until they add full provider signature validation, replay checks, merchant/app/order/amount validation, atomic idempotent state transitions, and fulfillment only on the first valid payment transition.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

High
Confidence: 98%
Finding
The WeChat callback handler states it is verifying the callback signature, but it only reads the signature-related headers and then immediately decrypts and processes the notification. This means a forged or replayed callback could potentially mark orders as paid without authenticating that the message actually came from WeChat, which is especially dangerous in a payment-integration skill because readers may copy the example into production.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill's safety rules correctly call for idempotent callback handling, but the callback examples update order state directly without checking whether the order was already processed. Payment providers routinely retry notifications, so non-idempotent handling can cause duplicate fulfillment, repeated side effects, inconsistent accounting, or multiple downstream business actions.

VirusTotal

64/64 vendors flagged this skill as clean.
