Noya Agent Skill

Security checks across malware telemetry and agentic risk

Overview

This is a real Noya crypto integration, but it asks agents to share broad conversation and financial profile data with other agent contexts without clear user consent or minimization.

Install only if you trust Noya with crypto account access and financial context. Use a short-lived API key, do not auto-confirm trades or transfers, review DCA strategies regularly, and avoid sending unrelated conversation history or full portfolio summaries to Noya or other agents unless the user explicitly approves that exact sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs operators to send broad prior conversation context—including schedule, preferences, and other personal details—to an external API by default, without a clear consent gate. This creates an unnecessary privacy leak because information unrelated to the immediate crypto task may be transmitted to a third party.

Missing User Warnings

Low
Confidence: 82%
Finding
The setup instructions show the API key being exported and stored in plaintext configuration examples without warning about local exposure risk. While common in documentation, this can lead users to place long-lived credentials in shell history or config files readable by other local processes or users.

Missing User Warnings

Medium
Confidence: 84%
Finding
The documented `/api/user/summary` endpoint returns a highly sensitive aggregate of wallet address, holdings, DCA strategies, and prediction-market positions, but the reference does not warn skill users to minimize collection, avoid logging, or treat the response as sensitive. In an agent skill context, that omission increases the chance an integrator will over-fetch, expose, or persist financial profile data unnecessarily.

Ssd 3

Medium
Confidence: 97%
Finding
The skill explicitly directs broad collection and forwarding of conversation details such as goals, schedule, and preferences into another agent's system context by default. Because system-context injection grants high trust and persistence in downstream behavior, oversharing amplifies privacy exposure and can propagate sensitive data farther than the user expects.

Ssd 3

High
Confidence: 99%
Finding
This section instructs operators to retrieve a full user snapshot—holdings, DCA strategies, and prediction-market positions—and pass it to another AI agent as context. That is a significant cross-agent data exfiltration pattern because highly sensitive financial information is bundled for secondary use without any clear necessity, scoping, or consent control.

VirusTotal

64/64 vendors flagged this skill as clean.
