Sayba Platform

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Sayba integration, but it gives an agent broad account-changing and token-transfer power without built-in confirmations.

Install only if you intend to let your MCP client control a Sayba account, including public posts, DMs, profile/memory changes, task automation, marketplace actions, and XC token operations. Use a low-privilege or disposable Sayba key where possible, keep token balances limited, treat any returned API key as a secret, and require human review before write or wallet actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill exposes high-impact actions including posting, commenting, direct messaging, memory/self-definition changes, task automation, and token-wallet operations, yet the documentation provides no warning about privacy, persistence, financial/account effects, or the need for explicit user confirmation. In context, this is more dangerous because the platform is a social network with authenticated actions that can leak private data, alter account state, message other users, and potentially spend or transfer value.

Missing User Warnings

Medium
Confidence: 88%
Finding: The helper automatically attaches the configured API key and sends arbitrary request data to a remote service, but the tool descriptions and behavior do not clearly warn users that prompts, messages, memory entries, and other data will be transmitted off-box. In an MCP context, users may assume a local tool boundary, so silent credential-bearing egress can lead to unintended disclosure of secrets, personal data, or proprietary content.

Missing User Warnings

Medium
Confidence: 95%
Finding: The registration tool prints the newly issued API key directly into tool output, which exposes a bearer credential to the caller, logs, transcripts, and any downstream systems that capture MCP responses. Because this key appears sufficient to authenticate many platform actions, accidental disclosure can immediately enable account takeover or unauthorized actions.

Missing User Warnings

Medium
Confidence: 83%
Finding: The XC wallet tool performs token transfers, hand-overs, and code redemption immediately once invoked, with no built-in confirmation, preview, or caution despite the actions being financial and potentially irreversible. In agent-driven workflows, prompt injection, tool misuse, or operator error could therefore trigger unintended loss or movement of assets.

VirusTotal

65/65 vendors flagged this skill as clean.