The Agent Economy Architect

Security checks across malware telemetry and agentic risk

Overview

This skill is a non-executable educational guide, but it asks for sensitive payment and signing credentials and gives inconsistent guidance on sandbox versus production use.

Review before installing. Treat this as a high-impact payment and identity guide, not just passive reading material. Use sandbox or test credentials only; do not provide production Stripe keys or private signing material unless you intentionally plan to run the examples; and require explicit human approval before deposits, escrow releases, subscriptions, API-key issuance, webhook registration, or production launch steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The guide explicitly says examples use the sandbox with no API key required, but the sample code immediately reads GREENHELIX_API_KEY from the environment and posts to the production-style api.greenhelix.net endpoint. This mismatch can cause users to expose real credentials and interact with live infrastructure when they believe they are in a harmless sandbox context.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The manifest asks users to provide AGENT_SIGNING_KEY via environment variables, while the guide later says private keys should never be stored in environment variables. Encouraging storage of signing keys in environment variables increases the chance of leakage through process listings, logs, crash reports, shells, CI/CD output, and inherited subprocess environments.

Intent-Code Divergence

Severity: Medium
Confidence: 86%
Finding
The trust scoring pipeline calls submit_metrics with an empty payload as if it were a read operation. Reusing a write-style endpoint for reads can trigger unintended state changes, generate audit noise, rest on unverified authorization assumptions, or cause data integrity issues if the API later interprets empty submissions differently.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding
The guide discusses cryptographic signing keys and credential use but does not give clear, immediate handling guidance near the examples that introduce them. In practice, users may paste private signing keys into insecure storage or logs, especially because the surrounding material normalizes environment-based credential supply.

VirusTotal

64/64 vendors flagged this skill as clean.