Is token-watch safe?

https://clawhub.ai/vedantsingh60/token-watch

52
CAUTION

The 'token-watch' skill is an empty placeholder containing no functional code, no SKILL.md content, and only a lock.json referencing an unrelated skill ('academic-research-hub'). The deceptive name implying credential monitoring, combined with the mismatched dependency and complete lack of implementation, raises supply-chain concerns. While no active malicious behavior was detected during installation, the skill provides zero value and poses update-time risk.

Category Scores

Prompt Injection 50/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 70/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 15/100 · 5%

Findings (6)

HIGH Empty skill with deceptive name -35

The skill 'token-watch' contains no SKILL.md content, no package.json, and no source code. The name implies token/credential monitoring functionality, but nothing is implemented. This could be a placeholder for future malicious content or a name-squatting attempt in the skill registry.

HIGH Mismatched dependency reference -50

The lock.json file references 'academic-research-hub' as an installed skill, which has no obvious relationship to 'token-watch'. This cross-skill dependency was not audited and could introduce transitive risks. The mismatch between the skill name and its dependency is a red flag for potential supply-chain manipulation.

MEDIUM Empty SKILL.md provides no security boundaries -50

An empty SKILL.md means the skill declares no purpose, no permissions scope, and no behavioral boundaries. If the skill is later updated with prompt injection content, users who already installed it would be exposed without a new review.

MEDIUM Prolonged keepalive connections to AWS endpoints -30

After the initial install handshake, persistent TCP connections to 3.209.150.151:443 and 50.17.216.166:443 were maintained with regular keepalive packets for approximately 25 seconds. While this could be normal registry behavior, the duration is notable for an empty skill that failed to install.

LOW Install failed with rate limit error -10

The skill installation failed with 'Rate limit exceeded', meaning the full skill content may not have been retrieved. This audit is based on incomplete data — the actual skill payload on the registry may contain additional files not captured here.

INFO Canary files intact 0

All honeypot files remained unmodified during the installation process, indicating no active credential harvesting occurred during this audit run.