ClawHub

Clawpay

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real private crypto-payment skill, but it gives an agent high-impact wallet and payment authority with insufficient safety disclosure.

Review carefully before installing. Use only a dedicated low-balance wallet, do not paste a main wallet private key into scripts or chat, require explicit confirmation for every transfer, verify clawpay.dev and returned invoice addresses before sending funds, and start with a tiny test transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example instructs users to provide a wallet private key and then uses it to sign a message that is sent to a third-party API, but it does not prominently warn that the private key is highly sensitive or that the resulting signature is an authentication artifact tied to the wallet. In a payments skill, this is especially dangerous because users may copy-paste real keys into a script without understanding the trust boundary or the consequences of exposing wallet-derived credentials.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation normalizes sending the wallet address and signed authentication message to clawpay.dev without clearly disclosing that this third-party service receives identifying wallet metadata and can authorize actions based on the signature. Because the skill markets privacy, users may incorrectly assume the interaction is private end-to-end, making the omission more dangerous and potentially misleading.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal