some-test-skill-private

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Clawtip payment helper with sensitive payment and wallet flows, but the reviewed artifacts do not show hidden, destructive, persistent, or unrelated behavior.

Install only if you trust the Clawtip payment workflow and the npm CLI it runs. Treat authorization, authentication, wallet, and token links as sensitive temporary access links, and require clear Clawtip-specific intent before using broad phrases like “查看钱包” or “我已注册.”

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium (94% confidence)
Finding: The manifest constrains invocation to payment requests, explicit token creation, or wallet viewing, but the skill also exposes a registration-status query flow. This creates a scope mismatch that can cause the agent to invoke the tool in situations not declared to the user or policy layer, undermining least privilege and increasing the chance of unauthorized or surprising actions.

Intent-Code Divergence

Severity: Medium (86% confidence)
Finding: The skill explicitly says 'do not poll,' but later allows reporting a polling count during registration-status handling, signaling a polling-oriented workflow. Contradictory instructions around repeated status checks can lead an agent to perform automated retries or repeated external requests without clear user consent, violating the declared safety boundary.

Vague Triggers

Severity: Medium (95% confidence)
Finding: The wallet trigger phrase '查看钱包' ("view wallet") is overly broad and can match ordinary conversation unrelated to Clawtip. In a payment-related skill, ambiguous triggers are dangerous because they can unexpectedly expose a payment wallet link or activate financial functionality when the user intended a different wallet or context.

Vague Triggers

Severity: Medium (96% confidence)
Finding: Using '我已注册' ("I have registered") as a trigger for registration-status checks lacks any Clawtip, token, or device context. This ambiguity can cause the agent to run an external status query based on unrelated conversation, potentially disclosing account state or causing unintended third-party interaction.

Vague Triggers

Severity: Low (80% confidence)
Finding: The trigger '创建token xxx' ("create token xxx") does not clearly limit itself to Clawtip or payment-token creation. This can cause confusion with other token-related tasks and may lead the agent to create or process credentials in the wrong context, which is especially sensitive in payment flows.

VirusTotal

65/65 vendors flagged this skill as clean.