ClawHub

paymax

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it creates payment requests through an unverified external payment service without a clear final user confirmation or provider disclosure.

Review carefully before installing. Only use this if you trust the operator of pay.4199191.xyz, understand that payment details may be sent there, and are comfortable with other skills potentially invoking it. Test with non-sensitive data first and require manual verification of the amount, payee, and payment link before completing any real payment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill directs the agent to probe the runtime environment and execute shell commands to choose between Node.js and Python implementations. That expands the skill's capability from simple payment orchestration into host command execution, increasing attack surface and making argument-handling mistakes or downstream script abuse more likely if parameters are not strictly validated.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill is designed to contact an external payment API and create a payment request, but it does not require an explicit user-facing disclosure or consent step before transmitting payment-related details externally. In payment contexts, silent external processing can surprise users, leak transaction metadata, and create trust and privacy issues even if the backend is legitimate.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill allows other skills to invoke payment creation with supplied parameters, but it does not require a fresh user-visible confirmation before initiating the payment flow. This makes the context more dangerous because any upstream skill confusion, prompt injection, or malicious chaining could cause unauthorized payment requests to be generated without the user clearly approving the specific transaction.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This script transmits payment-related fields such as amount, payee, and description to an external third-party API endpoint without any explicit disclosure, consent flow, destination verification, or trust boundary documentation. In an agent skill context, this is risky because users or calling systems may not realize sensitive transaction metadata is being sent off-platform to an unvetted domain, enabling privacy loss, unexpected data sharing, or abuse if the endpoint is malicious or compromised.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends payment-related fields such as amount, payee, order type, and description to a third-party payment API endpoint without any explicit user disclosure, consent flow, or validation of the destination. In an agent skill context, this is sensitive because users may not realize their financial/payment metadata is being transmitted off-platform to an external domain, increasing privacy, compliance, and misuse risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal