Exchange Rates

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised exchange-rate lookup, but it relies on a local Browserless/Playwright service with an embedded token and an alternate fallback rate source.

Install only if you are comfortable with the skill contacting XE.com and exchangerate-api.com and connecting to a local Browserless service. Verify that localhost:7002 and the embedded token are intended for your environment, and prefer a version that moves the CDP token into user-controlled configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill promises XE.com-sourced rates, but silently falls back to a different provider with no disclosure. This creates a trust and integrity issue: consumers may rely on provenance-sensitive financial data while receiving values from an unexpected source with different update cadence, terms, or methodology.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The script embeds an authenticated CDP endpoint token and connects to a Browserless instance, which grants browser automation capability beyond simple exchange-rate retrieval. If the token is exposed or reused elsewhere, an attacker or another component could access the browser service, inspect sessions, or drive arbitrary browsing actions; this is especially risky because the capability is unnecessary for the stated skill purpose.

Missing User Warnings

Medium
Confidence: 98%
Finding
A hardcoded authenticated WebSocket/CDP URL is a credential exposure issue. Anyone with access to the code can recover the token and potentially connect to the Browserless service, leading to unauthorized use, data exposure, or lateral abuse of shared automation infrastructure.

VirusTotal

65/65 vendors flagged this skill as clean.
