ClawHub

MoonPay Commerce (Helio) Accept Crypto Payments

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but its setup and status commands can expose payment API credential material in the terminal, so it should be reviewed before installation.

Install only if you intend to let the agent help manage a MoonPay Commerce/Helio merchant account. Run setup in a trusted local terminal, avoid sharing terminal logs or screenshots, use a dedicated least-privilege API key if Helio supports it, verify amounts and pay link IDs before create/disable actions, and clear the saved config when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill declares shell-based capabilities through setup and helper scripts but does not explicitly declare permissions for shell execution. This weakens the security boundary and can cause the platform or user to underestimate the skill's ability to read secrets, invoke local tools, and make authenticated network requests.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The status command prints masked portions of both the API key and API secret, unnecessarily disclosing secret material to anyone with terminal, scrollback, logging, or shoulder-surfing access. In a payment-processing skill, revealing any part of long-lived credentials increases credential exposure risk without being operationally necessary.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs users to send an API secret in an Authorization header and an API key in the query string, but it gives no guidance on secret handling, storage, logging, or redaction. In an agent/tooling context, this increases the risk that credentials will be hardcoded, exposed in traces, or leaked via logs and telemetry during request construction.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The webhook section tells users to configure a target URL for transaction events but does not warn that payment-related data will be transmitted to that external endpoint. In an agent skill that may automate setup, this can lead to accidental disclosure of transaction metadata to untrusted or misconfigured destinations.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script reads the API secret using a normal visible prompt, which echoes the credential on screen as the user types. That exposes sensitive payment API credentials to shoulder surfing, terminal recording, session logging, and shell-sharing environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The status command reveals partial API key and secret values without user confirmation, which can leak credential fragments into logs, screenshots, terminal history, or shared support transcripts. Even partial disclosure is unnecessary for normal operation and is especially sensitive in a crypto payment integration using privileged API credentials.

External Transmission

Medium
Category
Data Exfiltration
Content
### Create a Pay Link
```bash
curl -s -X POST "https://api.hel.io/v1/paylink/create/api-key?apiKey=$HELIO_API_KEY" \
  -H "Authorization: Bearer $HELIO_API_SECRET" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
93% confidence
Finding
curl -s -X POST "https://api.hel.io/v1/paylink/create/api-key?apiKey=$HELIO_API_KEY" \ -H "Authorization: Bearer $HELIO_API_SECRET" \ -H "Content-Type: application/json" \ -d '{ "name": "My

External Transmission

Medium
Category
Data Exfiltration
Content
### Create a Pay Link
```bash
curl -s -X POST "https://api.hel.io/v1/paylink/create/api-key?apiKey=$HELIO_API_KEY" \
  -H "Authorization: Bearer $HELIO_API_SECRET" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
93% confidence
Finding
https://api.hel.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### Create a Charge (Checkout URL)
```bash
curl -s -X POST "https://api.hel.io/v1/charge/api-key?apiKey=$HELIO_API_KEY" \
  -H "Authorization: Bearer $HELIO_API_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"paymentRequestId": "<PAYLINK_ID>"}'
Confidence
91% confidence
Finding
https://api.hel.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### Check Transactions
```bash
curl -s "https://api.hel.io/v1/paylink/<PAYLINK_ID>/transactions?apiKey=$HELIO_API_KEY" \
  -H "Authorization: Bearer $HELIO_API_SECRET"
```
Confidence
88% confidence
Finding
https://api.hel.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### Disable / Enable a Pay Link
```bash
curl -s -X PATCH "https://api.hel.io/v1/paylink/<PAYLINK_ID>/disable?apiKey=$HELIO_API_KEY&disabled=true" \
  -H "Authorization: Bearer $HELIO_API_SECRET"
```
Confidence
92% confidence
Finding
https://api.hel.io/

Session Persistence

Medium
Category
Rogue Agent
Content
curl -s https://api.hel.io/v1/currency | jq '.[].symbol'
```

### Create a Pay Link
```bash
curl -s -X POST "https://api.hel.io/v1/paylink/create/api-key?apiKey=$HELIO_API_KEY" \
  -H "Authorization: Bearer $HELIO_API_SECRET" \
Confidence
78% confidence
Finding
Create a Pay Link ```bash curl -s -X POST "https://api.hel.io/v1/paylink/create/api-key?apiKey=$HELIO_API_KEY" \ -H "Authorization: Bearer $HELIO_API_SECRET" \ -H "Content-Type: application/json"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal