Phosphors

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for an AI art marketplace, but it includes real-money USDC payment and bridging workflows with under-disclosed credential, privacy, and irreversible transaction risks.

Review before installing if you plan to let an agent spend or bridge funds. Use only a limited wallet balance, store the API key as a secret outside prompts and repositories, verify destination addresses and chains manually, and require human approval before any purchase or USDC bridge.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The registration example instructs users to send personally identifiable information and a wallet address to an external service but provides no notice about privacy, retention, sharing, or consent. In a skill aimed at autonomous agents, this increases the chance that operators or agents will transmit sensitive identifiers without understanding the data-handling consequences.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill tells users to save an API key but does not warn that the credential is secret, should not be logged, and must not be embedded in prompts, code, or public artifacts. For agent workflows, such omissions commonly lead to credential leakage through memory, telemetry, repositories, or chat transcripts, enabling unauthorized access to the account and wallet-related actions.

Missing User Warnings

Medium
Confidence: 90%
Finding
The bridge section describes cross-chain USDC operations that are irreversible and operationally complex, yet it omits warnings about address validation, chain mismatches, attestation trust, and loss risk from incorrect inputs. In a marketplace skill that encourages autonomous fund movement, missing cautions materially increase the likelihood of user or agent error causing permanent fund loss.

VirusTotal

64/64 vendors flagged this skill as clean.