Didit Kyc Onboarding

Security checks across malware telemetry and agentic risk

Overview

The skill is a real Didit KYC helper, but it handles sensitive identity data and includes high-impact KYC actions without enough privacy, redaction, and operator-control guidance.

Review carefully before installing or using in production. Use a dedicated least-privilege Didit API key if possible, obtain explicit consent before KYC or biometric checks, avoid running decision retrieval where output is logged, redact PII by default, and require human confirmation before approval, decline, resubmission, blocklist, PDF, billing, or account-management actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest describes a narrow KYC onboarding flow, but the skill content also instructs on account registration, email OTP verification, billing, and other platform-management actions. This scope expansion is dangerous because operators may invoke capabilities that create accounts, spend money, or alter platform state without expecting those behaviors from the advertised skill.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
Post-decision actions such as manually approving/declining users, resubmission control, blocklisting, and PDF generation exceed the advertised onboarding scope and can materially affect user outcomes. Hidden administrative actions increase the risk of misuse, especially in automated agent environments where operators rely on the manifest to understand what the skill may do.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill handles highly sensitive identity, document, and biometric verification flows but does not include an explicit privacy, consent, retention, or data-sharing warning. In a KYC context this is particularly risky because users may provide regulated personal data without being told it will be processed by a third party and potentially stored or transmitted.

Missing User Warnings

Medium
Confidence: 95%
Finding
The examples print full identity attributes such as name, DOB, document type, and country without warning about exposure of personal data in logs, terminals, or chat transcripts. Displaying retrieved KYC results casually can leak regulated PII to unintended viewers or downstream logging systems.

Missing User Warnings

Medium
Confidence: 88%
Finding
When a session is approved, the script prints sensitive identity attributes such as full name, date of birth, document type, and issuing country directly to stdout. In real deployments, terminal output may be captured in shell history, CI logs, support transcripts, or centralized logging systems, causing unnecessary PII exposure beyond the verification workflow.

VirusTotal

64/64 vendors flagged this skill as clean.