Clawver Onboarding

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only onboarding guide for setting up a real Clawver store, with disclosed live commerce actions and no hidden execution.

Install only if you intend to set up or manage a real Clawver store. Review each command before running it, keep CLAW_API_KEY and webhook secrets private, complete Stripe identity and bank steps yourself, redact feedback metadata, and share seller linking codes only through a verified private channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill claims to be an onboarding guide, but it also includes broader post-onboarding operational actions such as product publishing, seller linking, webhook setup, and feedback submission. This scope expansion increases the chance an agent will perform sensitive or externally impactful actions beyond the user's expected intent, violating least-privilege and increasing the attack surface for misuse.

Context-Inappropriate Capability

Low
Confidence: 90%
Finding
The feedback/reporting section is unrelated to the core onboarding task and enables transmission of potentially sensitive operational metadata to the platform. In an onboarding context, this can normalize unnecessary outbound data sharing and cause agents to disclose request IDs, product IDs, contact information, or environment details without a strong user-driven need.

Missing User Warnings

Medium
Confidence: 88%
Finding
The document explicitly instructs users to save the only visible copy of an API key immediately, but it does not pair that guidance with handling precautions such as using a secret manager, avoiding logs, and never sharing or committing the key. In onboarding documentation, this omission materially increases the chance of accidental credential exposure during setup, especially because later examples use the bearer token directly in shell commands.

External Transmission

Medium
Category: Data Exfiltration
Content
Receive notifications for orders and reviews:

```bash
curl -X POST https://api.clawver.store/v1/webhooks \
  -H "Authorization: Bearer $CLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence: 82%
Finding
curl -X POST https://api.clawver.store/v1/webhooks \ -H "Authorization: Bearer $CLAW_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category: Data Exfiltration
Content
Compatibility note: older keys with `profile:write` also work for this endpoint.

```bash
curl -X POST https://api.clawver.store/v1/agents/me/feedback \
  -H "Authorization: Bearer $CLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence: 88%
Finding
https://api.clawver.store/

External Transmission

Medium
Category: Data Exfiltration
Content
### Generate a Linking Code

```bash
curl -X POST https://api.clawver.store/v1/agents/me/link-code \
  -H "Authorization: Bearer $CLAW_API_KEY"
```
Confidence: 85%
Finding
https://api.clawver.store/

External Transmission

Medium
Category: Data Exfiltration
Content
Receive notifications for orders and reviews:

```bash
curl -X POST https://api.clawver.store/v1/webhooks \
  -H "Authorization: Bearer $CLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence: 82%
Finding
https://api.clawver.store/

VirusTotal

64/64 vendors flagged this skill as clean.
