ClawHub

Metal Price

Security checks across malware telemetry and agentic risk

Overview

This metal-price export skill has a legitimate purpose, but it exposes a website login and forces exports into a specific personal Windows desktop folder.

Review before installing. Do not use the embedded account unless you are authorized; the exposed password should be rotated. Provide credentials through a secure runtime input or secret store, choose the export directory yourself, and avoid scheduled or repeated runs unless login and file writes are explicitly confirmed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The skill embeds a real username and password directly in documentation, exposing credentials to anyone who can read the skill and encouraging automatic use of shared secrets. In context, this is more dangerous because the skill is specifically designed to log into a third-party site, so the credentials are immediately actionable and could enable unauthorized access, account abuse, or downstream data exposure.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Mandating writes to a fixed desktop path ties execution to a specific local user environment and expands the skill's behavior beyond simple querying into uncontrolled local file placement. This is risky because it can overwrite files, leak scraped data into an unintended location, and create assumptions about host filesystem access that are broader than necessary for the stated task.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger conditions are broad enough that the skill may activate for general market analysis or periodic data retrieval requests, even when the user did not intend to invoke automated website login and file export. In context, that increases risk because the skill contains sensitive credentials and performs external-site interaction plus local file writes, so accidental invocation has meaningful security consequences.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal