Pay With Any Token

Security checks across malware telemetry and agentic risk

Overview

This skill is built for crypto API payments, but it asks agents to handle raw wallet keys and can run high-impact payment, swap, approval, and bridge flows that need careful review.

Install only if you are comfortable with crypto-payment automation. Use a dedicated low-balance wallet, avoid main-wallet private keys, verify the Tempo installer and npm packages, and require a fresh visible confirmation for every payment, signature, approval, swap, bridge, and autoSwap/session action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The documentation instructs users to pass a raw private key directly to `cast send` for transaction broadcasting. Even in documentation, this normalizes unsafe key handling practices and increases the chance that keys are exposed through shell history, process inspection, logs, or copied scripts, which can lead to wallet compromise and theft of funds.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
This bridge approval flow again directs the user to sign and submit an on-chain approval using a raw private key. Approval transactions can grant token spending rights, so combining that with insecure key handling materially increases the risk of both credential compromise and unauthorized token movement.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The bridge execution flow performs a value-bearing blockchain transaction using a raw private key supplied on the command line. In the context of a payment skill, this is especially sensitive because users may run the example with funded wallets, so any key exposure can immediately lead to loss of assets across chains.

VirusTotal

66/66 vendors flagged this skill as clean.
