ClawHub

PayMe - Crypto Payments

Security checks across malware telemetry and agentic risk

Overview

PayMe is a disclosed crypto-wallet payment helper, but users should treat it like granting an agent limited wallet authority.

Install only if you trust PayMe and want an agent to help with wallet activity. Prefer the web connection-code flow, keep direct execute disabled unless you fully understand it, use short token durations and low spend limits, require a fresh preview before transfers or P2P sells, verify fiat receipt yourself before escrow release, and revoke the agent token when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The API explicitly allows `/api/agent/send` with `execute: true`, which can immediately transfer funds without a separate confirmation call. Although the skill description says payments require explicit user confirmation by default, this reference does not strongly require the agent to obtain and record an out-of-band user confirmation immediately before using the direct-execute path, creating risk of unauthorized or accidental transfers.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
`POST /api/agent/p2p/orders/:id/confirm` irreversibly releases escrow to the vendor, but the documentation only labels it 'Irreversible' without a strong operational warning to verify fiat receipt before acting. In an agent context, weak confirmation guidance materially increases the chance of social engineering, premature confirmation, or accidental loss of escrowed crypto.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal