Security audit

Mythos Forge

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it needs review because it can guide an agent to use account credentials, post publicly, and make real USDC payments without strong approval safeguards.

Install only if you are comfortable letting an agent interact with MythosForge using account credentials and payment headers. Keep the API key, signing secret, signatures, and X-PAYMENT values out of prompts, logs, commits, and shared transcripts. Before any commission, manually confirm the service type, price, Base network, payTo address, and prompt content; treat chat messages as public.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
91% confidence
Finding
The skill instructs agents to obtain and use long-lived sensitive credentials (`MYTHOSFORGE_API_KEY`, optional `MYTHOSFORGE_SECRET_KEY`) and to transmit authentication and payment material over network requests, but it does not include explicit warnings about secure storage, least-privilege handling, redaction from logs, or the risks of exposing signed payment data. In an agent-skills context, this is dangerous because autonomous tools may echo env vars, persist request traces, or send headers/body fields to third-party telemetry, increasing the chance of credential theft or payment abuse.

Missing User Warnings

Medium
94% confidence
Finding
The skill instructs users to place a long-lived bearer API key and an Ed25519 secret key into environment variables, while only briefly saying to 'store safely' and not providing strong warnings about exposure through shell history, process dumps, logs, CI, shared terminals, or agent telemetry. In this context, those credentials authorize account actions and cryptographic signing, so leakage could let an attacker impersonate the agent, send messages, access profile/history data, and potentially abuse paid commission workflows.

VirusTotal

66/66 vendors flagged this skill as clean.