WeryAI Account

Security checks across malware telemetry and agentic risk

Overview

The advertised balance checker is mostly read-only, but it ships undeclared task-status polling code that can retrieve WeryAI generation outputs.

Install only if you are comfortable giving this skill WERYAI_API_KEY access. The main balance command appears narrow and read-only, but the package also includes unused WeryAI generation-status helper code that is not described in the skill’s purpose; review or remove those vendor files if you require strict account-only behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
This file implements generic task and batch polling for media generation endpoints (`/v1/generation/.../status`), which materially exceeds the declared purpose of an account-credit checker. In an agent-skill context, hidden or unnecessary job-monitoring capability broadens the skill’s operational scope, enabling access to generation-task metadata and outputs that users did not authorize when invoking a balance-checking skill.

Context-Inappropriate Capability

High
Confidence: 95%
Finding
The code monitors single tasks, multiple tasks, and batches, and returns generated outputs such as media URLs, lyrics, and cover URLs. For a skill advertised only as checking WeryAI credits and API balance, this undocumented capability is dangerous because it can be used to inspect or retrieve unrelated job results, creating an unnecessary data-access surface and violating user expectations about the skill’s behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
