Zero-Trust Agent Verification: Cryptographic Reputation Systems

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable educational guide, but it includes runnable examples that can create escrow contracts and lock funds if copied into an agent workflow.

Install only if you want a GreenHelix verification reference guide. Use sandbox or least-privilege credentials, avoid providing a real signing key unless a specific workflow needs it, and do not copy the escrow or hiring examples into an autonomous agent without explicit human approval, spending limits, and test defaults.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The guide repeatedly frames itself as a buyer-side verification tool that only reads and verifies, but later includes a function that performs a state-changing financial action by creating an escrow and locking funds. This mismatch can mislead users or integrating agents into invoking money-moving behavior in a context they believed was read-only, increasing the risk of unintended transactions.

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The documentation claims the AgentVerifier is strictly for reading and verification, yet the broader skill later demonstrates workflows that progress directly into hiring and escrow creation. That inconsistency can cause downstream agents or users to over-trust the skill as non-invasive and use it in automation where state-changing actions are unexpected.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Including code that creates escrow contracts and locks funds is materially beyond the stated purpose of trust verification. In an agent-skill ecosystem, bundling verification with payment initiation increases the chance that an automated consumer will treat a trust-check skill as safe to execute and inadvertently authorize financial commitments.

External Transmission

Medium
Category
Data Exfiltration
Content
"""
    import requests

    resp = requests.post(
        "https://sandbox.greenhelix.net/v1",
        headers={
            "Content-Type": "application/json",
Confidence
93% confidence
Finding
requests.post( "https://sandbox.greenhelix.net/v1", headers={ "Content-Type": "application/json", "Authorization": f"Bearer {os.environ['GREENHELIX_API_KEY']}",

Env Variable Harvesting

High
Category
Data Exfiltration
Content
"https://sandbox.greenhelix.net/v1",
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {os.environ['GREENHELIX_API_KEY']}",
        },
        json={
            "tool": "create_escrow",
Confidence
83% confidence
Finding
os.environ['GREENHELIX_API_KEY']

VirusTotal

66 of 66 vendors reported this skill as clean.