Belong Events - Discover and Organize

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate Belong event-management integration, but it gives an agent broad authenticated power over events, venues, payments, bracelets, and NFT ticket workflows without clear confirmation safeguards.

Install only if you trust the publisher and the Belong endpoint. Treat the generated API key as a secret, avoid sharing configuration files that contain it, and require explicit approval before any create, update, delete, payment, check-in, bracelet, wallet, withdrawal, branding, custom-domain, or NFT-ticket action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
87% confidence
Finding
The OTP flow returns an `apiKey` and instructs the user to store it in environment variables or configuration files, but provides no guidance on secure handling, scope, rotation, redaction, or keeping it out of logs and shell history. This can lead to credential leakage through agent memory, config files, shell history, telemetry, or unintended reuse, enabling account takeover for protected Belong operations.

Missing User Warnings

Medium
84% confidence
Finding
The skill exposes many state-changing operations such as event creation/updates, ticket deployment, venue configuration, bracelet charging/refunds, and check-in approval without requiring explicit confirmation or warning about irreversible or financial effects. In an agent setting, this materially increases the chance of unauthorized, accidental, or socially engineered actions that alter assets, user accounts, payouts, or on-chain related workflows.

VirusTotal

63/63 vendors flagged this skill as clean.
