Agent APIs x402 Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent paid API helper, but it gives an agent automated wallet-signing authority without clear per-payment approval or spending limits.

Review carefully before installing. Use a dedicated low-balance wallet, keep the private key in a secure secret store, require explicit approval before each paid request, verify the endpoint and payment details, and avoid uploading sensitive images unless you intend them to be publicly reachable by URL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 87% confidence
Finding
The quick-start examples use very generic phrases like converting text to a QR code or uploading an image, which can cause the skill to activate in ordinary conversations without the user clearly intending to invoke a paid external API. In this skill's context, accidental activation is riskier because it may trigger an automated x402 payment flow and external data transmission.

Missing User Warnings

High, 96% confidence
Finding
The image hosting section states that upload returns a public URL but does not clearly warn users that uploaded images become publicly accessible. This creates a meaningful privacy risk because users or agents may upload sensitive images under the mistaken assumption that storage is private or access-controlled.

Missing User Warnings

High, 97% confidence
Finding
The skill instructs users to provide an EVM private key for automated payment signing without a prominent security warning about key handling, spending risk, and the danger of exposing a blockchain credential to an agent workflow. In this context, the omission is especially dangerous because the skill is designed to let an AI agent automatically sign payment-related operations, increasing the chance of unintended or over-broad use of funds if the environment is compromised or the agent behaves unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.
