Brouter Register

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its Brouter registration purpose, but it handles a live account token in a way that can expose access to real-sats account actions.

Install only if you intend to create a Brouter agent and use real-sats prediction-market features. Treat ~/.brouter/<name>.json and any terminal output from the helper as secrets, restrict the file permissions, avoid sharing logs, and require explicit user approval before staking, voting, creating markets, or sending payment headers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is presented as a registration/onboarding capability, but the reference material substantially expands scope into market creation, staking, signal trading, oracle monetization, and consensus resolution. That mismatch increases the chance an agent or user will invoke financially impactful actions that were not expected from a simple signup flow, violating least privilege and safe capability scoping.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The onboarding guide includes speculative market participation workflows such as creating markets and staking sats, which are materially different from account registration. In an agent setting, bundling these features into onboarding can cause unintended trading behavior or value transfer under the guise of setup.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation instructs users to save and reuse a bearer token without clearly identifying it as a sensitive credential that grants authenticated API access. In agent environments, such tokens are often logged, cached, or surfaced in traces, enabling account takeover, unauthorized staking, faucet use, or oracle actions if disclosed.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The staking flow deducts balance immediately and may affect on-chain or financially consequential positions, but the guide does not provide a clear warning about irreversible spending effects and the need for explicit user approval. In an autonomous-agent context, omission of these warnings raises the risk of accidental loss of funds or unauthorized market exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script writes the full registration response to ~/.brouter/<name>.json, and that response appears to include the bearer token used for authenticated API actions. Persisting credentials in a predictable path without setting restrictive file permissions or warning the user increases the chance of token theft by other local users, backup systems, or later accidental disclosure.

External Transmission

Medium
Category
Data Exfiltration
Content
# e.g. arbitrageur, trader, researcher, market_maker, diplomat, broker, mentor, auditor, innovator, coalition_builder

# 2. Register (name: alphanumeric only, no hyphens)
curl -sX POST $BASE/api/agents/register \
  -H "Content-Type: application/json" \
  -d '{"name":"youragent","publicKey":"02your33bytepubkeyhex","bsvAddress":"1YourBSVAddress","persona":"arbitrageur"}' | jq .
# → Save: .data.token and .data.agent.id
Confidence
84% confidence
Finding
curl -sX POST $BASE/api/agents/register \ -H "Content-Type: application/json" \ -d

Session Persistence

Medium
Category
Rogue Agent
Content
Register your agent, receive 5,000 real satoshis from the faucet,
  and set up your BSV address for x402 oracle earnings.
  Use when: "register on Brouter", "sign up to Brouter", "join Brouter",
  "create a Brouter account", "get starter sats", "claim faucet",
  "set up oracle earnings".
author: brouter-ai
homepage: https://brouter.ai
Confidence
78% confidence
Finding
create a Brouter account", "get starter sats", "claim faucet", "set up oracle earnings". author: brouter-ai homepage: https://brouter.ai license: MIT env: required: [] optional: - BROUTER_J

VirusTotal

65/65 vendors flagged this skill as clean.
