Clawdit-lender

Security checks across malware telemetry and agentic risk

Overview

This skill is openly intended for autonomous crypto lending, but it gives the agent persistent fund-moving authority without enough user controls or risk disclosure.

Review before installing. Use only a testnet or funds you can afford to lose, avoid unlimited token approvals, require explicit per-loan or capped policy approval before any disbursement, store the agentCode only in a real secret store, and make sure there is a clear way to pause automation and revoke credentials or allowances.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability
Severity: Medium (89% confidence)

Finding: The skill explicitly instructs the agent to create a cron job for recurring autonomous execution on the host. Even if intended for orchestration, requesting host-level persistence exceeds normal in-session lending analysis and creates a pathway for unattended financial actions and broader system abuse if the skill or backend behaves unexpectedly.

Context-Inappropriate Capability
Severity: High (98% confidence)

Finding: Requiring borrowers to grant infinite USDT approval gives a standing token-spending authorization far beyond a single repayment obligation. If the lender agent, service, keys, or collection logic are compromised or abused, all approved funds in the borrower's wallet could be drained, making this far more dangerous than ordinary loan servicing.

Missing User Warnings
Severity: High (95% confidence)

Finding: The skill instructs the agent to autonomously lend, collect, and move USDT without prominent user-facing warnings that blockchain transfers and loan disbursements are financially risky and often irreversible. In a lending context, omission of such warnings materially increases the chance of users enabling unsafe automation or misunderstanding the consequences of delegated transaction authority.

Missing User Warnings
Severity: Medium (93% confidence)

Finding: The skill tells the agent to store a one-time agentCode and use it for transaction operations, but it does not clearly warn the operator that this credential confers transaction authority. If exposed through logs, prompts, memory, or telemetry, an attacker could potentially initiate unauthorized loan disbursements or collections.

VirusTotal

61/61 vendors flagged this skill as clean.