Agent Commercial Contract

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it promotes autonomous contract signing and escrow payment actions without enough user-control, sandbox, or package-provenance safeguards.

Review carefully before installing. Do not connect real payment, wallet, signing, or API credentials until the external package source is reviewed and pinned. Use sandbox or staging credentials, require human approval for every signature, escrow deposit, refund, dispute ruling, and payment release, and enforce strict amount and counterparty limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 85%
Finding
The README describes escrow holding and automated payment release as normal features without clearly warning that these actions may move real funds or trigger irreversible financial effects. In an agent-facing skill, that omission can cause autonomous or inattentive users to treat payment operations as low-risk examples and execute them in production contexts without adequate confirmation or environment separation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The quick-start section includes direct deposit and release commands that appear immediately executable, but provides no warning, confirmation step, or sandbox guidance. Because quick-start snippets are commonly copied verbatim, this increases the chance that an agent or operator could initiate sensitive financial actions unintentionally.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly advertises autonomous negotiation, signing, execution, enforcement, escrow, and payment handling, but it does not provide prominent warnings about legal commitment, irreversible fund movement, authorization boundaries, or the need for human approval. In the context of agentic systems, this can normalize fully automated high-stakes actions and lead operators to deploy workflows that bind accounts or move money without informed consent or review.

Missing User Warnings

Medium
Confidence: 95%
Finding
The quick-start and integration examples demonstrate creating escrow-backed contracts and automatically completing milestones with payment release, yet they omit any warning, confirmation flow, or safeguard around real fund transfers and irreversible state changes. Because these snippets are likely to be copied directly, they materially increase the chance that developers will implement unsafe autonomous financial behavior in production.

VirusTotal

64/64 vendors flagged this skill as clean.
