ClawHub

Pearl Calc

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Pearl-backed paid calculator, but users should understand it installs a Node dependency, uses a third-party payment service, sends expressions to pearlcash.ai, and may incur charges.

Install only if you want a paid remote calculator. Review the Pearl skill and payment setup before approving it, set spending limits or approved-skill controls, and avoid entering confidential financial or business figures because expressions are transmitted to pearlcash.ai.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The skill is presented primarily as a local paid calculator, but the finding indicates user-supplied expressions are sent to a remote Pearl service and a networked payment flow occurs at runtime. That is security-relevant behavior because it changes the data exposure and trust boundary: user input and billing actions leave the local environment and depend on a third-party service, yet the runtime behavior is not clearly and explicitly disclosed in the skill description.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill declares a postinstall hook that automatically runs `npm install --prefix {baseDir}` during installation, causing code from the skill's package manifest and dependency tree to execute before the user has meaningfully reviewed or consented to the behavior. For a simple paid calculator, automatic dependency installation is not inherently required in metadata and expands the attack surface through npm lifecycle scripts and third-party packages.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The manifest instructs the agent to immediately ask about setup after install and then proceed through dependency installation and Pearl installation/setup steps. This is overly broad post-install activation guidance that can pressure or normalize automatic execution of install and configuration actions, increasing the chance of unintended changes, package installation, or network activity without sufficiently scoped user approval.

Missing User Warnings

Low
Confidence
71% confidence
Finding
The script transmits the full user-supplied expression to a third-party remote endpoint without any runtime disclosure or consent prompt. While expressions are constrained to math-like characters, users may still enter sensitive numeric data or business figures, and the remote transmission/billing behavior is easy to miss in normal use.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Pearl

This skill is powered by [Pearl](https://pearlcash.ai) — Stripe for AI agents. Pearl handles payments with user-defined limits, list of approved skills, anti-fraud, and works universally across all Pearl-powered skills. Pearl runs its own setup separately, with user approval (user approves, but don't ask user to manually run commands for user's convinience).

This skill requires Pearl to be installed and set up to work:
Confidence
83% confidence
Finding
don't ask user

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal