spherico-agent

Security checks across malware telemetry and agentic risk

Overview

This instruction-only Bitnow skill has no executable payload, but it guides wallet, API-key, payment, account-linking, and provider setup actions without enough safety boundaries.

Install only if you intend to use an agent for sensitive Bitnow API operations and can independently verify the official gateway, chain ID, token address, and deposit contract. Do not paste real session tokens, API keys, provider auth values, wallet signatures, or full unredacted HTTP responses into chats, logs, or scripts; use placeholders, environment variables, or a secret manager. Manually confirm any fund transfer, allowance, parent-account link, supplier registration, or GPU endpoint update before executing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%

Finding: The skill metadata and description frame the capability as consumer-facing Bitnow workflows, but the content also documents supplier/provider registration and GPU endpoint configuration. That scope expansion can cause an agent or operator to invoke higher-privilege administrative actions unexpectedly, increasing the risk of unauthorized provider onboarding, accidental infrastructure changes, or exposure of sensitive upstream configuration.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding: The supplier registration examples include raw secrets such as upstream API keys and bearer tokens directly in request bodies, without strong handling guidance. In an agent setting, this encourages users or downstream tooling to paste live credentials into prompts, logs, shell history, transcripts, or insecure scripts, creating a realistic credential leakage path that can compromise upstream providers or GPU nodes.

VirusTotal

66/66 vendors flagged this skill as clean.