Agentcash

Security checks across malware telemetry and agentic risk

Overview

The skill is a real paid API helper, but it gives agents broad paid-action authority and includes under-disclosed credential and payment-settlement workflows.

Review this carefully before installing. Use it only if you want an agent to make wallet-funded third-party API calls, and require explicit confirmation before paid requests, email or phone actions, service registration, settlement, adding new skills, or storing API keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill’s stated purpose is to call pay-per-call APIs using wallet-based authentication, but it also includes unrelated service-provider registration, API-key issuance, settlement, and credential storage flows. This broadens the trust boundary significantly by introducing long-lived secrets and money-moving operations that could be invoked or copied by an agent without clear user intent, creating risk of unauthorized registration, fund movement, or secret exposure.

Intent-Code Divergence

High
Confidence: 97%
Finding
The document advertises 'No API keys' but later instructs the user to obtain and use an API key for x402-Agent-Pay. This is a security-relevant contradiction because it can mislead users or agents into treating the workflow as keyless and low-risk while actually introducing sensitive credentials that need secure storage and restricted use.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger list is extremely broad and overlaps with many normal user intents such as research, web search, image generation, email, phone calls, jobs, and travel. In an agent environment, this can cause the skill to activate too often and route common requests into paid third-party workflows, increasing the chance of unintended charges, data disclosure, or execution of unsafe service instructions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill encourages use of paid network operations and third-party services without a prominent upfront warning that requests may incur charges and transmit user data externally. In context, the skill is designed to call remote paid APIs, so the omission materially increases the risk of uninformed consent failures and accidental spending or disclosure.

Missing User Warnings

Medium
Confidence: 97%
Finding
The reference documents logging into a dashboard with an API key and includes a realistic-looking API key value in the registration example, normalizing direct credential use without any warning about secrecy, rotation, or least-privilege handling. In an agent skill whose purpose is payment and partner onboarding, this increases the chance that downstream agents or users will treat API keys as ordinary identifiers, leak them in logs or prompts, or use long-lived secrets in unsafe contexts.

VirusTotal

64/64 vendors flagged this skill as clean.
