ClawHub

Teller MCP – Borrow USDC & Altcoins (no margin calls)

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being a Teller MCP server, but it returns ready-to-submit borrowing and repayment transactions that could affect real funds if another tool signs them.

Install only if you intend to let an agent fetch Teller lending data and build transaction payloads. Do not let downstream agents or wallet tools auto-submit the returned calldata; review chain ID, target address, token approvals, amounts, loan terms, and the configured API endpoint before signing anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs users to install and run a bundled MCP server that uses environment variables and network access, but the skill metadata does not declare corresponding permissions or trust boundaries. This is dangerous because operators and downstream agents may execute code with broader capabilities than the skill advertises, reducing informed consent and making review, sandboxing, and policy enforcement harder.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation repeatedly tells the operator to run `npm install`, `npm run build`, `npm start`, and a packaging script without warning that these commands execute untrusted project code, may run install scripts, modify the filesystem, and open network connections. In a skill context, this is risky because users may treat the instructions as safe operational guidance and execute them without reviewing the bundled server or dependency chain.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document explicitly instructs users to use `borrow-tx` results directly as calldata for sequential submission and describes repayment transaction generation without any warning about irreversible on-chain state changes, asset movement, slippage, approval risk, or the need for independent transaction review. In an agent skill context, this omission is more dangerous because automated systems may treat the cheat sheet as operational guidance and execute generated transactions with little human scrutiny, increasing the risk of unintended borrowing, approvals, or repayment actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes tools that generate ready-to-submit borrow and repay transactions, but the tool descriptions and responses do not clearly warn that these outputs can trigger real on-chain financial actions if executed. In an agent setting, this increases the risk of unsafe automation or user confusion, especially when downstream systems may treat generated transactions as approved operational steps rather than high-risk financial actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal