Operations Director: working with the bank (API and widget)

Security checks across malware telemetry and agentic risk

Overview

The skill consistently provides a synthetic company bank-account status tool and widget; the review found no evidence of hidden exfiltration, destructive actions, or use of real credentials.

Install only if you are comfortable with banking-status summaries appearing in chat and on the Widgets page. Treat the bundled data as synthetic unless the skill is later connected to a real bank, and be cautious with any daily-summary schedule, because it may repeatedly expose sensitive account information in the selected chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium, 89% confidence

Finding
The skill’s declared purpose is account-status retrieval via `bank_get_status`, but the instructions also authorize external web lookups for procedures and legal guidance. That expands the skill’s effective trust boundary and data sources beyond the manifest description, which can cause unintended browsing, inconsistent answers, and exposure to prompt-injection or unreliable external content during a sensitive banking workflow.

Context-Inappropriate Capability

Medium, 91% confidence

Finding
The skill directs the agent to perform external legal/bank procedure research even though its main function is operational account status. In a banking context, this is risky because it encourages mixing internal account data with untrusted external content, increasing the chance of prompt injection, wrong procedural advice, or unauthorized capability expansion beyond user expectations.

Vague Triggers

Medium, 83% confidence

Finding
The invocation guidance includes broad, everyday phrases such as general questions about how the account is doing. That can cause accidental activation in ambiguous conversations and trigger retrieval of sensitive financial status data when the user may not have intended a banking workflow.

Missing User Warnings

Medium, 80% confidence

Finding
The skill supports scheduling daily account summaries into chat, but the description does not clearly warn users that automated recurring delivery may occur. For sensitive banking information, lack of upfront disclosure can lead to surprise persistence or repeated exposure of account data in shared or monitored chat environments.

VirusTotal

65/65 vendors flagged this skill as clean.