Trustra Escrow

Security checks across malware telemetry and agentic risk

Overview

This is a real escrow/payment skill, but it can move funds and expose wallet secrets with limited built-in safeguards.

Install only if you trust Trustra's API, managed-wallet model, and dispute process. Keep minimal funds in the wallet, protect credentials.json and TRUSTRA_API_KEY, avoid running export_key.py through autonomous or logged workflows, and require explicit human approval before commands that pay, release, withdraw, cancel, dispute, or export keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes commands that register accounts, store credentials locally, read/write files, and call a remote API, yet no explicit permissions are declared. This creates a transparency and consent problem: an agent or user may invoke a payment-related skill without understanding that it will persist secrets locally and communicate externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The stated purpose focuses narrowly on escrow transactions, but the documented behavior also includes provisioning a managed wallet, generating/storing API credentials, listing and changing escrow state, and exporting a private key. This mismatch is dangerous because it hides sensitive wallet-management and secret-handling capabilities behind a simpler payments description, increasing the risk of misuse or over-trust.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This script explicitly exports a managed wallet's private key and prints it to stdout, which grants full control over the wallet to whoever can run the script or capture its output. That capability is far broader than the stated escrow purpose and materially increases the risk of wallet takeover, fund theft, and downstream secret leakage through logs, terminals, or automation pipelines.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill description is limited to creating trustless USDC escrow transactions on Solana, but this file adds a secret-extraction path for the wallet private key. In context, that mismatch makes the feature especially dangerous because an agent or operator may grant the skill access expecting escrow operations, not credential export that enables complete compromise of funds.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill notes that registration creates a managed wallet and API key stored in credentials.json, but it does not present this as a prominent security warning despite the sensitivity of those credentials. In a payments skill, quietly persisting secrets to disk materially raises the chance of credential theft, accidental commit to source control, or exposure to other local processes.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code persists credentials to a plaintext `credentials.json` file in the skill directory without any warning, consent flow, or file-permission hardening. In an agent environment, local files are often accessible to other processes, logs, backups, or operators, so storing API keys and wallet metadata this way increases the risk of credential disclosure.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
Confidence
97% confidence
Finding
requests>=2.28.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
93% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.