Presage

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide the disclosed read-only market and portfolio analysis, but users should understand that it contacts Presage and may retrieve portfolio-related data for a provided agent ID.

Install only if you are comfortable with the skill contacting presage.market for market and portfolio data. Treat agent IDs and returned portfolio/trade-history data as sensitive, and do not use any documented trading/register endpoints unless you separately verify they are intended, authorized, and require explicit user approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill advertises and demonstrates network access to external endpoints (`presage.market/api`) but declares no corresponding permissions in metadata. This creates a transparency and policy-enforcement gap: a host platform may allow the skill to run without surfacing or constraining its real capabilities, increasing the risk of unexpected outbound requests, data exposure, or bypass of user expectations. In context, the network use is expected for a market-analysis skill, which makes the behavior understandable, but the undeclared capability still matters because it weakens trust and runtime control.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The API reference exposes state-changing capabilities to register agents and execute trades, while the skill metadata describes only analysis, opportunity discovery, and portfolio tracking. This creates a capability mismatch that can let an agent perform financial actions users may not expect or explicitly authorize, increasing the risk of unauthorized trading or abuse of funds in a market context.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The README advertises portfolio and balance access via `getPortfolio(agentId)` and 'Check my portfolio' without warning that this involves potentially sensitive financial/account data. In an agent ecosystem, users may invoke such tooling without realizing it can expose holdings, positions, or linked account identifiers to logs, downstream models, or other integrations.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill sends an agent identifier to an external API endpoint to retrieve portfolio positions and trade history without any visible consent flow, disclosure, or data-minimization guard. In an agent setting, this can expose sensitive financial activity, balances, and trading rationale to a third party unexpectedly, creating privacy, compliance, and trust risks even if the endpoint is the intended service.

VirusTotal

66/66 vendors flagged this skill as clean.