Changenow

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it creates ChangeNOW crypto swap estimates or payment instructions with a disclosed affiliate ID, but users must verify details before sending funds.

Install only if you intentionally want ChangeNOW swaps routed through this affiliate-enabled workflow. Keep CHANGENOW_API_KEY private, use estimate mode first, compare fees if needed, and verify the exact coin, network, amount, destination address, and pay-in address before sending any crypto.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill advertises use of environment secrets and networked transaction execution, but does not declare permissions explicitly. That creates a transparency and policy-enforcement gap: an agent or reviewer may not realize the skill can access API credentials and initiate external crypto-swap requests. In a financial skill, hidden network/env capability is more dangerous because it can enable unauthorized fund-moving actions or secret misuse.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The description is broad enough to trigger on routine user requests to 'swap' tokens, without requiring explicit confirmation, safety checks, or scope limits. Because this skill performs real crypto transactions and injects an affiliate fee, broad matching could cause the agent to route users into irreversible fund-moving behavior they did not clearly authorize. The financial context makes this substantially more dangerous than a generic overly broad utility skill.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The documentation provides a one-step command for executing a live crypto swap but does not warn that it moves funds, may include affiliate fees, and is generally irreversible once submitted. Users or downstream agents may treat the command like a harmless quote/check operation and trigger real asset transfer without informed consent. In a crypto-swapping skill, omission of these warnings materially increases the risk of accidental financial loss.

VirusTotal

66/66 vendors flagged this skill as clean.
