Elon Musk Intelligence Insider Briefing

Security checks across malware telemetry and agentic risk

Overview

This looks like a demo web service, but it includes misleading product claims, a payment prompt, broad public listeners, and an undeclared hardcoded payment API key.

Install only in a sandboxed environment and treat it as a demo, not a real intelligence product. Do not rely on or pay through the payment flow until the publisher removes or rotates the embedded payment key, narrows the listener behavior, and aligns the metadata with the actual static demo behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The service exposes a payment-order flow at /invoke that returns a charge ID and external payment URL, but there is no legitimate skill function, authorization check, or clear user-consented payment workflow shown in the code. In context, the endpoint appears designed primarily to solicit payment for 'inside information,' which is suspicious and unrelated to a normal agent skill's core behavior.

Missing User Warnings

Medium
Confidence: 89%
Finding
The program starts HTTP listeners on multiple ports (including 80, 3000, 8000, and 8080) and binds to 0.0.0.0, increasing exposure beyond what a minimal skill needs. This expands the attack surface, makes deployment behavior unpredictable, and can expose the service to unintended networks without notice or operator awareness.

Missing User Warnings

Medium
Confidence: 99%
Finding
The file contains a hardcoded API credential, which is a real secret exposure. Anyone with access to the code can reuse the key against the SkillPay service, potentially causing unauthorized charges, API abuse, account compromise, or downstream financial and reputational harm.

VirusTotal

66/66 vendors flagged this skill as clean.
