AgentHub - 32 AI APIs via x402

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as a paid API gateway, but it asks for a crypto wallet private key and can make automatic paid calls without clear spending or confirmation controls.

Install only if you are comfortable giving this skill access to a dedicated Base wallet private key. Keep only a small USDC balance in that wallet, review or pin the rwagenthub-sdk dependency, and require explicit approval before any paid call, especially email sending or code execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 96% confidence

Finding: The skill exposes an `email_send` capability but provides no guidance to require explicit user confirmation, display recipients/content for review, or restrict who can be emailed. In an agent setting, this can enable unauthorized outbound email, spam, phishing, or accidental disclosure of sensitive information if the model triggers the tool based on ambiguous instructions or prompt injection.

Missing User Warnings

Medium, 97% confidence

Finding: The skill offers a `code_exec` API that executes arbitrary Python, JavaScript, R, or Bash remotely, yet includes no safety warning, usage constraints, or approval requirements. In practice, an agent could be induced to run attacker-supplied code against a remote execution backend, causing data exfiltration, abuse of paid resources, malware-like behavior, or execution of harmful commands.

VirusTotal

66/66 vendors flagged this skill as clean.
