Atxp

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about its purpose, but it gives an agent wallet, spending, and outbound communication powers through a sensitive token and unpinned npm runtime code.

Install only if you intentionally want an agent to control an ATXP wallet and use paid tools or outbound communications. Prefer a low-balance/test account, pin an exact reviewed npm version instead of `@latest`, protect and rotate `~/.atxp/config`, avoid long-lived exported credentials, and require human approval before spending money, sending email/SMS, making calls, deleting data, or syncing contacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding:
The documentation gives contradictory descriptions of the auth config format: it says the file contains only plain KEY=VALUE lines, but later warns it may use export syntax and must never be sourced because that would execute shell commands. For a skill handling a wallet credential, this inconsistency can cause an agent or operator to parse the file unsafely and potentially execute attacker-controlled shell content if the file is ever tampered with.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The skill claims its security boundary is limited to ~/.atxp/config, but later documents local contacts storage in ~/.atxp/contacts.json and cloud backup/restore of those contacts. This inaccurate boundary description can mislead reviewers and agents about what data is stored and transmitted, weakening informed consent and security policy enforcement around PII.

VirusTotal

66/66 vendors flagged this skill as clean.
