Shop from Nvidia - With your claw and creditcard

Security checks across malware telemetry and agentic risk

Overview

This is a real payments skill with disclosed CreditClaw APIs, but its Nvidia-facing identity does not match the broad financial authority it grants.

Review carefully before installing. Only use this if you intend to give an agent broad CreditClaw payment and selling authority, not just Nvidia shopping. Store CREDITCLAW_API_KEY and webhook secrets in a secrets manager, keep approval mode strict, verify CreditClaw account ownership and limits in the dashboard, and avoid sending real customer emails, shipping addresses, or public shop data unless you understand where it will be processed and exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill branding implies Nvidia-focused purchasing, yet the documented APIs enable broad cross-merchant spending and unrelated sales operations. That discrepancy increases the chance of over-privileging or accidental deployment in contexts where only a constrained merchant-specific purchasing skill was intended.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill branding implies Nvidia-focused purchasing, yet the documented APIs enable broad cross-merchant spending and unrelated sales operations. That discrepancy increases the chance of over-privileging or accidental deployment in contexts where only a constrained merchant-specific purchasing skill was intended.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The manifest metadata conflicts with the provided skill context: the skill is presented as 'nvidia' for card and wallet management, but the file declares 'creditclaw' with different branding and description. This kind of identity mismatch can mislead users and automated systems about who operates the skill and what external service/API and credentials it will use, increasing phishing, supply-chain, and trust-boundary risks.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill instructs periodic authenticated polling of wallet status using a bearer token, but provides no guidance on minimizing retention, redacting sensitive response data, or handling financial/account metadata safely. In an agent context, repeated collection of balances, connected rails, limits, cards, and guardrails increases exposure of sensitive financial data through logs, memory, telemetry, or downstream tools if the agent follows the routine naively.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation instructs users to send invoices by email and collect recipient name and email, but it does not clearly warn that this PII is being transmitted to and processed by a third-party service. In a financial/payment skill, omission of privacy and data-handling disclosures can lead to unintended exposure of customer information and compliance issues.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill describes publishing a shop without a prominent warning that seller profile fields and any checkout pages marked shop-visible become publicly accessible. Because this is a payments/sales workflow, users may unintentionally expose business identity, product listings, images, and digital product metadata to the public.

Missing User Warnings

Medium
Confidence: 94%
Finding
This documentation instructs agents to submit a purchase request containing a real shipping address and to place an actual merchant order, but it does not prominently warn that sensitive personal data will be transmitted to an external service and that the action causes real-world financial and fulfillment effects. In an agent-skill context, omission of that warning increases the chance of accidental exfiltration of PII and unintended purchases by users or downstream agents treating the example as routine API usage.

Missing User Warnings

Medium
Confidence: 85%
Finding
The documentation shows wallet-signing and wallet-management requests authenticated only with a bearer API key, but does not explicitly warn that this credential authorizes financially impactful actions. In an agent-skill context, omission of credential-handling guidance increases the risk that integrators hardcode, overexpose, or misuse the key, enabling unauthorized payments, balance queries, or transaction access.

VirusTotal

65/65 vendors flagged this skill as clean.
