Soho

Security checks across malware telemetry and agentic risk

Overview

This payment skill is not clearly malicious, but it should be reviewed carefully because it can initiate wallet-signed blockchain payments and its package has important scoping and packaging gaps.

Install only if you trust the publisher and understand that this can request signatures and submit blockchain payments. Use a trusted remote signer with tightly scoped credentials, avoid real private keys unless absolutely necessary, verify every amount and merchant address, and confirm the packaging/import issues are fixed before using it with funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill describes behavior that uses environment variables and network access, including RPC endpoints, a remote wallet signer service, and bearer authentication tokens, but the finding indicates these capabilities are not explicitly declared in permissions. That mismatch can weaken sandboxing and review controls because operators may approve a skill without realizing it can access sensitive env secrets and make outbound requests to signing and payment infrastructure.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The factory exposes a generic remote `sendTx` capability even though the skill is described as initiating payments via EIP-712 signatures. This expands the trust boundary from message signing to arbitrary transaction submission, which can enable unintended on-chain actions if callers, configs, or the remote signing service are compromised or misused.

VirusTotal

66/66 vendors flagged this skill as clean.
