ClawHub
Back to skill

Security audit

payforservice

Security checks across malware telemetry and agentic risk

Overview

This Alipay payment skill is clear about its purpose, but it can start wallet authorization and payment submission from broad or indirect triggers without a strong final confirmation step.

Install only if you intentionally want an agent to help with Alipay payments. Require your agent or orchestrator to ask for explicit confirmation before wallet authorization or submit-payment, and verify the merchant, amount, and cashier URL each time. Check the npm package integrity before installation and avoid logging or forwarding generated payment or authorization URLs outside the user’s chosen channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
Allowing activation when 'other skills/tools return a message containing instructions to use Alipay payment' creates an instruction-injection path where untrusted tool output can drive a payment workflow. Because this skill is capable of checking wallet state, initiating authorization flow, and submitting payment requests, unclear trust boundaries around tool messages materially increase the chance of unauthorized or manipulated payment actions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Allowing activation when 'other skills/tools return a message containing instructions to use Alipay payment' creates an instruction-injection path where untrusted tool output can drive a payment workflow. Because this skill is capable of checking wallet state, initiating authorization flow, and submitting payment requests, unclear trust boundaries around tool messages materially increase the chance of unauthorized or manipulated payment actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.