Crypto Search

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only search helper that transparently uses Kaito to search Twitter/X and news, with no install scripts, credential requests, persistence, or destructive behavior.

Install this only if you are comfortable sending search topics to the configured Kaito MCP service. Avoid putting secrets, private account details, wallet-sensitive information, or confidential research into queries, and verify important synthesized claims against the returned tweet or news URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium, 93% confidence
Finding
The documentation gives conflicting guidance about ranking and the metric that must be shown: it says to default to relevance ranking, but later requires displaying smart_engagement counts in a way that implies ranking by smart_engagement. In an agent setting, contradictory instructions can cause inconsistent tool use, misleading output, and policy drift, especially when downstream workflows depend on predictable ranking and attribution behavior.

Vague Triggers

Medium, 88% confidence
Finding
The trigger examples are broad natural-language phrases such as 'find content about Z' and 'any news on X', which are likely to overlap with ordinary conversation and cause unintended skill invocation. In agent systems, over-broad activation can leak user intent into external searches, trigger unnecessary tool calls, and increase the chance of data exposure or incorrect workflow execution.

VirusTotal

66/66 vendors flagged this skill as clean.
