Agent Payment Rail

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear payment-processing purpose, but it should be reviewed because it can create, refund, and cancel payments without documented approval or safety limits.

Install only if you are prepared to treat this as a high-trust payment integration. Verify the external npm package and publisher, start with test or restricted provider keys, require explicit human approval for every create/refund/cancel action, set transaction and refund limits, and enable audit logs before using live payment credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README explicitly presents payment creation, cancellation, and refund operations as ready-to-use agent capabilities without any warning about real-money effects, authorization requirements, or irreversible financial consequences. In an agent skill context, this increases the risk that an autonomous or semi-autonomous agent invokes these operations on behalf of a user without adequate confirmation or policy checks.

Missing User Warnings

Medium
Confidence: 93%
Finding
The CLI examples show direct commands to create payments and issue refunds using realistic syntax, but provide no indication that these may execute against live payment rails or require verification before use. Because CLI examples are easily copied verbatim, this materially increases the chance of accidental real-money transactions, unauthorized refunds, or misuse by downstream agents and operators.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill exposes payment, refund, and cancellation operations with concrete examples but provides no warnings, confirmation requirements, authorization guidance, or guardrails for financially impactful actions. In an agent context, this increases the chance that a model or integrator triggers real monetary operations from ambiguous prompts, automation errors, or prompt-injection-driven tool use.

VirusTotal

64/64 vendors flagged this skill as clean.
