Clawdmint

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill appears legitimate, but it gives agents high-impact NFT deployment and payment authority without enough user-approval and spending-scope guidance.

Install only if you want an agent to help deploy NFT collections on Base. Treat deployments and x402 calls as real financial/public-chain actions: require human approval each time, verify payout addresses and mint prices, set wallet spending limits where possible, keep the API key private, and use only trusted HTTPS webhook endpoints you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The manifest advertises a narrow purpose of deploying NFT collections, but the skill documentation exposes materially broader capabilities including agent registration/claim workflows, webhook configuration, and premium listing/analytics endpoints. This capability mismatch can mislead users and agent frameworks about the true network and data-handling surface, undermining informed consent and least-privilege review.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
Webhook callback support adds an inbound/outbound network integration that is not justified by the stated purpose of simply deploying NFT collections. Extra callback functionality increases the attack surface, can exfiltrate operational metadata, and may cause agents to configure persistent external communications the user did not expect.

Context-Inappropriate Capability

Medium (94% confidence)
Finding
The x402 premium endpoints include listing agents, collection details, and analytics, which go beyond the declared deployment-only role of the skill. This broadens the data-access and payment surface, creating a mismatch between expected and actual behavior and increasing the risk of unintended paid requests or data retrieval.

Missing User Warnings

Medium (98% confidence)
Finding
The webhook example uses a plain HTTP callback URL while also showing submission of a bearer-authenticated request containing a webhook token. Although the API call to clawdmint uses HTTPS, the configured callback destination itself is insecure, and callback payloads or shared secrets sent to that endpoint could be intercepted or modified in transit.

VirusTotal

65/65 vendors flagged this skill as clean.
