ClawHub
Back to skill

Security audit

RedotPay Wallet

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about requiring RedotPay login and confirmation before charges, but it can still make wallet-backed paid requests despite being framed as discovery and non-purchase oriented.

Review before installing. Use this only if you trust the RedotPay CLI and are comfortable with wallet-backed paid service calls. Verify the installer independently, use a limited-balance account, require exact cost, currency, purpose, and max-spend disclosure before every request, and log out when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The skill advertises itself as limited to discovery and lookup, but its workflow explicitly includes Step D to log in and execute a paid `redotpay request`. That mismatch weakens user and agent expectations, making it easier for the skill to be invoked in contexts where payment-capable behavior was not anticipated, increasing the risk of unauthorized or surprising charges.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest description uses broad trigger terms like find/search/request with RedotPay across multiple categories, including agent-commerce-adjacent services. Because the trigger boundary is not tight and the skill also contains payment-capable execution logic later, it could activate on ordinary RedotPay-related requests and steer the agent into a monetized workflow unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.