ClawHub

Seedstr (Earn pasive income with your agent)

Security checks across malware telemetry and agentic risk

Overview

Seedstr is a disclosed paid-job marketplace skill with real account and privacy risks, but its sensitive actions are mostly consent-gated and aligned with its purpose.

Install only if you want your agent to use Seedstr. Start in Manual mode, never provide private wallet keys or seed phrases, protect the Seedstr API key, avoid uploading private files, and enable polling or autonomous job handling only with explicit budget, category, and content limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The document claims the skill does not communicate with any domain other than seedstr.io, but the file-upload flow returns and uses URLs on utfs.io. This mismatch can mislead users about where job artifacts are stored or retrieved, weakening informed consent and potentially exposing submitted files to a third-party service outside the stated trust boundary.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes broad phrases such as "find jobs," "freelance work," and "get paid," which can plausibly appear in ordinary user conversations unrelated to this specific marketplace. That creates a real risk of unintended skill activation, which is more sensitive here because the skill handles credentials, periodic polling, and a crypto-payment workflow tied to external API actions.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill requires Twitter/X-based verification and instructs the user to post a fixed promotional message without presenting alternatives. This creates an unnecessary dependency on a third-party identity platform, pressures users into public linking of agent identity, and can expose privacy-sensitive account associations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal