x402 Creative Resources

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for paid Xona API access, but it gives an agent wallet-backed spending authority with weak endpoint and consent controls.

Review before installing. Use only a dedicated low-balance wallet, verify each endpoint before approving use, and avoid broad or repeated requests until the skill enforces an api.xona-agent.com allowlist and explicit per-call payment confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium (97% confidence)

Finding: The script allows any absolute URL when the endpoint starts with 'http', while attaching a Solana wallet private key to the x402 payment wrapper. This creates an SSRF-like arbitrary outbound request capability that exceeds the declared skill scope and may send authenticated, paid, or wallet-associated requests to attacker-controlled infrastructure.

Context-Inappropriate Capability

Medium (95% confidence)

Finding: The skill is described as a proxy for Xona creative, X news, and PumpFun APIs, so unrestricted external URL access is unnecessary and materially expands the attack surface. In this context, arbitrary destinations increase the risk of misuse for unauthorized network access, wallet-backed request abuse, and exfiltration of request metadata to non-Xona services.

Missing User Warnings

Medium (96% confidence)

Finding: The skill explicitly states that the agent wallet pays automatically for API calls, but it does not require an explicit warning or user consent before spending funds. This can lead to silent micropayment charges, repeated cost accumulation, or abuse through prompts that trigger expensive endpoints without the user's informed approval.

VirusTotal

66/66 vendors flagged this skill as clean.
