Signet Guardian

Security checks across malware telemetry and agentic risk

Overview

This payment-guard skill is mostly transparent, but it ships with a fallback policy that can enable small payments before the user has explicitly opted in.

Review and replace the bundled policy before connecting this to any payment-capable skill. Set paymentsEnabled to false until you intentionally opt in, confirm that payment skills obey DENY and CONFIRM_REQUIRED, keep the ledger private, and only run policy editing or migration commands from trusted user-directed sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding
The skill is presented as a payment guard middleware, but it also exposes policy editing, migration, reporting, and local audit-log management capabilities. This broadens its authority and attack surface: a caller expecting a read/check-only guard could invoke mutation paths that weaken controls, alter policy, or expose sensitive financial history, especially because the guard is contract-based and not an enforced runtime interceptor.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill executes whatever program is named in the EDITOR environment variable, allowing arbitrary local command execution whenever signet-policy --edit is invoked. In an agentic environment, environment variables and tool invocations may be influenced by untrusted context, so a payment guard unexpectedly gaining the ability to spawn arbitrary processes is a significant privilege expansion unrelated to its core purpose.

VirusTotal

66/66 vendors flagged this skill as clean.