ClawMarket

Security checks across malware telemetry and agentic risk

Overview

ClawMarket’s marketplace functions are mostly coherent, but it gives an agent high-impact install and payment authority without enough explicit user control or safety scoping.

Install only if you intentionally want an agent to use ClawMarket and you are comfortable reviewing marketplace packages before they become local skills. Require explicit approval before running any installCommand, writing downloaded scripts, making wallet approvals or USDC purchases, publishing or changing prices, and posting reviews. Use a limited wallet and keep the ClawMarket API key private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 95% confidence

Finding
The trigger conditions are broad enough to invoke this skill on generic marketplace-related phrases, which can cause the agent to route into purchase, installation, publishing, or profile-management workflows without sufficiently specific user intent. In a skill that can perform authenticated network actions and facilitate local installation, over-triggering increases the chance of unintended external calls or risky follow-on actions.

Missing User Warnings

Medium, 97% confidence

Finding
The skill instructs the agent to run an install command and, for paid downloads, to write arbitrary `SKILL.md` and script files into the local skills directory, but it does not warn that this imports untrusted code and modifies the local filesystem. Because marketplace content may be attacker-controlled, these steps create a supply-chain path to local code execution or persistent compromise if installed content is later executed by the agent platform.

Missing User Warnings

Medium, 94% confidence

Finding
This documentation explicitly describes an autonomous purchase flow involving blockchain payments, API-key-authenticated download access, and irreversible USDC transfers, but it does not require explicit user confirmation or warn about key sensitivity and irreversible financial loss. In an agent skill context, these instructions can normalize or encourage unattended spending behavior, increasing the risk of unauthorized purchases, wallet misuse, or credential leakage through automated tooling.

VirusTotal

63/63 vendors flagged this skill as clean.