ampersend

Security checks across malware telemetry and agentic risk

Overview

This skill is openly designed for agent stablecoin payments, but it delegates real spending authority with limited guardrail documentation.

Review this before installing if you are comfortable giving an agent delegated payment authority. Use a dedicated low-balance account, set strict per-transaction, daily, and monthly limits, avoid auto-topup unless you intentionally need it, inspect costs before paying, and verify the npm package source and version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly promotes autonomous payments and states that agents can transact without human approval, but it does not place a strong, proximate warning about real fund movement, irreversible payment effects, or the need for explicit user consent before use. In an agent skill context, this omission is risky because users may invoke payment-capable commands without appreciating that the action can spend stablecoins from configured accounts.

Missing User Warnings

Medium
Confidence: 95%
Finding
`--auto-topup` is documented as an option but the text does not clearly warn that enabling it may automatically pull additional funds from the main account. In a payments skill, this increases the chance of unanticipated balance replenishment and larger-than-expected total spend, especially if an agent repeatedly accesses paid endpoints.

Missing User Warnings

Medium
Confidence: 94%
Finding
The `fetch` command is described as making HTTP requests with automatic x402 payment handling, but it lacks a direct warning that invoking it may both transmit request data to external services and execute paid requests automatically. In an agent environment, this creates dual risk: unintended disclosure of request contents and unintended financial charges when contacting untrusted or mistaken URLs.

VirusTotal

65/65 vendors flagged this skill as clean.
