ClawHub

Clevr Pay

Security checks across malware telemetry and agentic risk

Overview

This appears to be a crypto payments skill with real transfer and wallet-registration workflows, but its routing and confirmation safeguards are under-specified for a high-impact financial use case.

Review carefully before installing. Use this only for explicit ClevrPay/Cleanverse workflows, verify the chain, token, amount, destination address, and wallet mapping yourself, and require clear confirmation before any registration, withdrawal, or transfer because on-chain mistakes may be unrecoverable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description is very broad and matches generic payment, crypto, cross-border, and agent-commerce phrasing. This can cause the skill to be invoked in contexts where users did not specifically request ClevrPay, increasing the chance of unnecessary wallet generation, registration, address disclosure, or payment-routing guidance through this system.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes withdrawal and ERC-20 transfer workflows but does not require an explicit warning that blockchain transfers are irreversible and that wrong chain, token, or recipient details can permanently lose funds. In a payments skill, omission of this warning materially increases the likelihood of user harm because the assistant is guiding high-value asset movement.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documentation instructs the assistant to call a state-changing registration endpoint that writes a user's wallet mapping, but it does not require explicit user confirmation or warn that this action persists data. In an agent setting, this can lead to unintended account binding, privacy issues, or incorrect deposit routing if the assistant acts on ambiguous or spoofed input.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases for signup and registration are broad enough to match generic requests like 'how do I sign up' or 'how do I get started' without requiring explicit Cleanverse/ClevrPay context. In an agent-routing system, this can cause unintended invocation of a payments-related skill, leading to confusing behavior, misrouting of wallet/payment requests, or accidental disclosure/collection of financial identifiers in the wrong context.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The deposit-address examples such as 'where do I send USDC' and 'where can I deposit funds' are ambiguous because they commonly appear in many wallet, exchange, and bridge workflows unrelated to this skill. In the context of a financial/payment skill, overly broad routing can direct users to the wrong deposit flow, increasing the risk of operational mistakes, compliance errors, or exposing addresses and account mappings in an unintended context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal