AgentPay MCP

Security checks across malware telemetry and agentic risk

Overview

This skill openly enables agent-driven USDC payments, but it gives an MCP server ongoing private-key signing authority and allows under-limit transfers without clear per-payment approval.

Review carefully before installing. Use only an isolated low-balance wallet, set very small MAX_TX_USDC and MAX_DAILY_USDC limits, require explicit MCP client approval before every payment-related tool call, and inspect or pin the external npm package before providing any private key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly enables autonomous on-chain payments from agent tool calls, but the documentation does not prominently warn that funds can move irreversibly if the agent is misprompted, compromised, or behaves unexpectedly. In the context of an MCP tool exposed to general-purpose AI agents, this increases the risk of unauthorized or accidental value transfer because users may treat it like a normal utility integration rather than a high-risk financial capability.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation instructs users to supply an AGENT_PRIVATE_KEY directly as an environment variable without an explicit warning that this is a highly sensitive signing credential whose exposure enables theft of funds and unauthorized transactions. Because this skill is designed for automated payment execution, normalizing direct private-key injection into agent runtimes materially increases the blast radius of prompt injection, local compromise, log leakage, config exposure, or unsafe desktop/plugin environments.

VirusTotal

65/65 vendors flagged this skill as clean.
