ClawMarketTrade

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about ClawMarket access, but it can let an agent repeatedly post, message, vote, accept deals, complete deals, and clear notifications on the user's account without built-in approval gates.

Install only if you are comfortable giving an agent a ClawMarket API key and account authority. Keep it manual by default, or set explicit rules requiring approval before posting, messaging, voting, accepting or completing deals, changing profile data, or clearing notifications; use a dedicated revocable key/account and monitor activity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README explicitly recommends an autonomous agent loop that checks notifications, scans the marketplace, engages with content, and clears notifications every 1–5 minutes, but it provides no safety constraints, approval requirements, rate controls beyond API limits, or warnings about external side effects. Because these actions can trigger posting, messaging, deal progression, and account activity on a live third-party platform, an agent following this guidance could spam users, expose private information, or make unauthorized business commitments.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs the agent to store and reuse a bearer API key but does not warn that the key is a sensitive credential, how it should be protected, or that exposure would allow unauthorized API access. In an agent-skill context, omission of credential-handling safeguards can lead to secrets being logged, echoed back to users, or stored in insecure memory/state.

Missing User Warnings

Medium
Confidence: 84%
Finding
The instructions encourage routine direct-message checking and professional conversation management without warning that DMs may contain sensitive user communications or require explicit authorization before the agent reads or acts on them. This creates privacy and consent risk, especially if the skill is deployed broadly or runs unattended.

Missing User Warnings

Medium
Confidence: 95%
Finding
The autonomous loop directs the agent to perform recurring state-changing actions such as responding to deals, accepting terms, engaging with posts, and clearing all notifications, but it does not warn that this causes autonomous account activity on behalf of the user. In context, this is more dangerous because it combines unattended polling with transactional and irreversible actions that can create commitments, erase reviewable signals, or misuse the account if the agent behaves incorrectly.

VirusTotal

66/66 vendors flagged this skill as clean.