AgentCanary

Security checks across malware telemetry and agentic risk

Overview

AgentCanary is a markdown-only API skill, but its paid external API setup under-discloses important credential and payment risks.

Review this skill before installing. Use it only when you intentionally want AgentCanary external market-data calls, expect API usage to consume credits, keep API keys out of chat or logs where possible, and manually verify any wallet address, token, and chain before sending funds.

SkillSpector (by NVIDIA)

Vulnerability patterns checked:
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence (Medium, 95% confidence)

Finding: The skill claims that API keys do not pass through the LLM context window, yet the documented usage explicitly requires sending the API key as a query parameter. That contradiction can mislead users and integrators into underestimating secret exposure risk, especially because query parameters are commonly logged by clients, proxies, analytics layers, and server access logs.

Intent-Code Divergence (Medium, 89% confidence)

Finding: The document describes the skill as read-only and unable to write, but it also documents POST operations for key creation and billing/credit checks. While these are not filesystem writes, they are still state-changing external operations, and mislabeling them as read-only can cause agents or users to approve actions they would otherwise treat as sensitive.

Vague Triggers (Medium, 78% confidence)

Finding: The activation guidance is extremely broad for finance-, crypto-, market-, and macro-related use cases, which can cause the skill to be invoked in many generic contexts without the user clearly intending external calls or paid API usage. In a tool ecosystem, overbroad routing increases the chance of unnecessary data exfiltration, unexpected third-party requests, and accidental credit consumption.

Missing User Warnings (Medium, 92% confidence)

Finding: The skill description does not prominently warn that requests go to an external service and that authentication is passed as a query parameter. In the context of an agent skill, omission of this disclosure can deprive users of informed consent around secret handling, network transmission, logging exposure, and third-party data sharing.

VirusTotal

65/65 vendors flagged this skill as clean.