WeryAI Chat

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeryAI chat wrapper that sends user-selected prompts to WeryAI with an API key, with one unused vendor helper for balance lookup that should be documented or removed.

Install only if you are comfortable sending selected prompts and message arrays to WeryAI using your WERYAI_API_KEY, and avoid submitting secrets unless that matches your WeryAI data-handling expectations. The publisher should remove or explicitly document the unused balance helper to avoid confusion about account-billing access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89%
Finding
The skill requires sensitive capabilities (`WERYAI_API_KEY` environment access and outbound network access) but does not declare explicit permissions, which weakens policy enforcement and user visibility into what the skill can access. In a networked API-calling skill, this creates a real risk of secret misuse or unintended external data transmission if the implementation or future edits become unsafe.

Description-Behavior Mismatch

Medium
Confidence
95%
Finding
The file implements a balance lookup against /v1/generation/balance even though the skill metadata describes only chat, model lookup, comparison, and inspection. This expands the skill's effective privileges into billing/account information access, which can expose sensitive financial metadata and violates least-privilege expectations for a chat-completions integration.

Context-Inappropriate Capability

Medium
Confidence
93%
Finding
Retrieving account balance is unrelated to the stated purpose of a chat-completions skill and gives the skill access to account-level billing information that users may not expect it to handle. In an agent setting, hidden access to financial/account state can enable unnecessary data exposure, profiling of account status, or misuse by downstream prompts and tools.

VirusTotal

64/64 vendors flagged this skill as clean.