ClawHub

Buy McDonald

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can spend wallet balance and handles payment credentials with weak safeguards.

Install only if you trust the Claw wallet provider, the API host, and the WeChat recharge contact. Treat the access token as a payment credential, require explicit confirmation before every purchase, and avoid sharing or logging the token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to obtain and provide an access token via an informal WeChat contact and then transmit that token to API endpoints, but it does not warn that this token is a sensitive credential that can authorize purchases and reveal account data. In this context, the token directly controls wallet balance and purchasing, so mishandling, phishing, logging, or accidental disclosure could lead to unauthorized charges and account compromise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The purchase function sends a sensitive access token to an external service and triggers a state-changing purchase without any built-in confirmation, consent flow, or transaction validation in the skill. In an agent setting, this creates a real risk of unauthorized purchases, accidental charges, or misuse of a user's wallet credentials if invoked too easily or by prompt manipulation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The balance lookup transmits the user's access token to a remote endpoint without any visible disclosure or minimization, and the token is embedded in the URL path. Putting secrets in URLs is especially risky because they may be logged by servers, proxies, monitoring systems, or application logs, increasing the chance of credential leakage and subsequent account misuse.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal