Fabric Marketplace

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Fabric marketplace guide, but it gives agents high-impact trading, spending, contact-sharing, payment, and credential-sharing guidance without enough approval and safety gates.

Review carefully before installing. Use it only for Fabric-specific workflows, and require explicit human approval before purchases, public listings, offer acceptance, contact reveal, off-platform payments, or any credential/access transfer. Prefer scoped, time-limited, revocable credentials and approved delegation mechanisms, set spending limits, verify counterparties, and avoid irreversible payment methods with untrusted parties.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill description is broad enough to be auto-invoked for many generic marketplace, API, negotiation, billing, or search tasks, which can cause the agent to load and follow this skill outside narrowly intended contexts. Because the skill contains strong behavioral guidance about trading, trust, negotiation, and off-platform settlement, overbroad invocation increases the chance of inappropriate influence on unrelated workflows or unsafe marketplace actions.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill explicitly instructs agents to purchase credits proactively and to purchase something to bypass pre-purchase limits, but it does not require explicit human approval, spending caps, or warnings that these actions incur real financial charges. In an agent skill for marketplace automation, this can cause unintended autonomous purchases and billing abuse if the agent encounters low-balance or limit conditions during normal operation.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The documentation instructs users to store and use a returned API key as the long-lived identity credential, but gives only a minimal 'store both securely' note and omits concrete handling guidance such as secret-manager storage, least-privilege access, rotation, redaction from logs, and avoiding client-side exposure. In a marketplace integration skill, this is meaningful because compromise of the API key would let an attacker impersonate the agent, access marketplace data, create or accept offers, and potentially affect billing or credits.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The playbook explicitly endorses off-platform settlement using any payment method, including irreversible channels like crypto and gift cards, without warning about fraud, scams, chargeback limitations, or loss of platform protections. In a marketplace skill intended to guide agent behavior, this omission can normalize unsafe payment and contact-sharing practices and increase the likelihood of financial loss or privacy exposure.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The instructions tell users or agents to reveal contact information immediately and move negotiations off-platform, but do not warn that this exposes personal data and removes marketplace visibility into subsequent interactions. That creates a realistic risk of privacy leakage, social engineering, spam, and payment fraud, especially because the skill is operational guidance for autonomous agents handling marketplace transactions.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The document explicitly normalizes exchanging SSH credentials and API keys off-platform as part of a successful trade flow, without any warning about account compromise, key misuse, revocation, auditability, or least-privilege controls. In an agent skill that teaches marketplace behavior, this is especially dangerous because it can cause downstream agents to treat secret-sharing and direct credential transfer as acceptable operational guidance.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill promotes delegated account/API access as a tradable marketplace item and provides a concrete listing example for transferring translation API capacity via an API key, but omits any discussion of vendor ToS, authorization boundaries, abuse liability, data exposure, or non-transferability of accounts and quotas. Because the skill is designed to instruct agents how to compose trades, this can directly encourage policy-violating or insecure delegation patterns at scale.
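The approval, spending-cap, counterparty and credential-scoping controls recommended in the Overview, and the gaps the findings above describe (autonomous purchases, off-platform payment over irreversible channels, sharing of the long-lived API key, secrets reaching logs), can all be enforced by one policy layer that sits between the agent and its marketplace tools. The following is an added example written for this review, not code from the Fabric skill or from SkillSpector. The action names, the `fab_` API-key format and the 24-hour delegation limit are assumptions chosen for illustration:

```python
"""Policy gate between an agent and its marketplace tool calls (added example).

Hypothetical action names and credential format; not the Fabric skill's own code.
"""
import re
from dataclasses import dataclass, field
from typing import Any, Callable

# Actions the reviewed skill lets agents take on their own; each one needs a human "yes" here.
HIGH_IMPACT_ACTIONS = {
    "purchase_credits", "create_listing", "accept_offer",
    "reveal_contact", "pay_off_platform", "share_credential",
}
SPENDING_ACTIONS = {"purchase_credits", "pay_off_platform"}
# Channels with no chargeback path: refused unless the counterparty was verified out of band.
IRREVERSIBLE_METHODS = {"crypto", "gift_card", "wire"}
SECRET_ARG_NAMES = ("key", "token", "secret", "password")
# Assumed key format ("fab_" + 24 or more characters) plus any long bare token, for redaction.
SECRET_PATTERN = re.compile(r"\bfab_[A-Za-z0-9]{24,}\b|\b[A-Za-z0-9_\-]{40,}\b")


def redact(value: Any) -> Any:
    """Strip credential-looking values so audit entries and approval prompts never carry secrets."""
    if isinstance(value, str):
        return SECRET_PATTERN.sub("[REDACTED]", value)
    if isinstance(value, dict):
        return {k: "[REDACTED]" if any(s in k.lower() for s in SECRET_ARG_NAMES) else redact(v)
                for k, v in value.items()}
    return value


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class PolicyGate:
    spend_cap: float                          # total autonomous spend permitted in this session
    approve: Callable[[str, dict], bool]      # human-in-the-loop callback; sees redacted args only
    spent: float = 0.0
    verified_counterparties: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def check(self, action: str, **args: Any) -> Decision:
        """Evaluate one tool call, record it (redacted), and track spend on allowed purchases."""
        decision = self._evaluate(action, args)
        self.audit.append((action, redact(args), decision.allowed, decision.reason))
        if decision.allowed and action in SPENDING_ACTIONS:
            self.spent += float(args["amount"])
        return decision

    def _evaluate(self, action: str, args: dict) -> Decision:
        if action not in HIGH_IMPACT_ACTIONS:
            return Decision(True, "read-only or low-impact action")
        if action in SPENDING_ACTIONS:
            amount = float(args.get("amount", 0))
            if amount <= 0:
                return Decision(False, "spending action without a positive amount")
            if self.spent + amount > self.spend_cap:
                return Decision(False, f"would exceed spend cap ({self.spent + amount:.2f} > {self.spend_cap:.2f})")
        if action == "pay_off_platform":
            if args.get("method") in IRREVERSIBLE_METHODS and \
                    args.get("counterparty") not in self.verified_counterparties:
                return Decision(False, "irreversible payment to unverified counterparty")
        if action == "share_credential":
            # Only a scoped, expiring delegation may leave the account; never the long-lived API key.
            if not args.get("scoped") or not 0 < int(args.get("ttl_seconds", 0)) <= 24 * 3600:
                return Decision(False, "credential must be scoped and expire within 24h")
        if not self.approve(action, redact(args)):
            return Decision(False, "human approval denied")
        return Decision(True, "human approved")


def demo() -> list:
    """Run constructed tool calls through the gate with an approver that says yes to everything."""
    gate = PolicyGate(spend_cap=50.0, approve=lambda action, args: True,
                      verified_counterparties={"seller-42"})
    calls = [                                     # constructed sample calls
        ("search_listings", {"query": "translation api"}),
        ("purchase_credits", {"amount": 30.0}),
        ("purchase_credits", {"amount": 30.0}),   # second purchase would breach the cap
        ("pay_off_platform", {"amount": 10.0, "method": "gift_card", "counterparty": "unknown-7"}),
        ("share_credential", {"api_key": "fab_" + "A" * 30, "scoped": False, "ttl_seconds": 0}),
        ("share_credential", {"api_key": "fab_" + "A" * 30, "scoped": True, "ttl_seconds": 3600}),
    ]
    return [gate.check(a, **kw).allowed for a, kw in calls]


if __name__ == "__main__":
    print(demo())
```

The gate denies before it asks: cap breaches, irreversible payments to unverified parties and long-lived credential transfers are refused without consulting the approver, so a prompt-injected or over-eager agent cannot obtain a "yes" by simply asking again. Every decision is logged with secrets already redacted, which is the concrete form of the missing log-hygiene guidance noted in the API-key finding.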

VirusTotal

65/65 vendors reported this skill as clean. A clean antivirus verdict covers the skill's files for known malware signatures; it does not assess the behavioral and agentic risks described in the findings above.