ClawHub

Defi Analyst

Security checks across malware telemetry and agentic risk

Overview

This DeFi research skill is mostly read-only and coherent, but it publishes and recommends using an apparent shared Tavily API key, which needs review before installation.

Review before installing. Do not use the published Tavily key; create your own key, store it carefully, and avoid putting private trading strategies, wallet details, or confidential research queries into third-party search/API services. The publisher should revoke the exposed key, replace it with a placeholder, and document Moltbook if it is a real dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The README contains a concrete Tavily API key and instructs users to export and use it directly. Publishing live credentials in documentation enables unauthorized use, quota exhaustion, billing abuse, and makes every downstream user implicitly trust a secret they do not control.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The skill advertises sentiment analysis using 'Moltbook agent network pulse,' but that dependency is not declared in the manifest or prerequisites. Undeclared external sources reduce transparency and trust boundaries, and can cause users or downstream agents to rely on data flows and integrations that were not reviewed or approved.

Missing User Warnings

High
Confidence
99% confidence
Finding
The documentation not only exposes a real API key but explicitly tells users to configure the service with that credential, without any warning about credential sensitivity or ownership. This increases the likelihood of secret reuse, accidental propagation into shells and logs, and abuse of a shared credential across many installations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup command places the Tavily API key directly into a URL passed on the command line. Secrets embedded this way can be exposed through shell history, process listings, terminal logs, screenshots, or copied config files, creating a realistic credential leakage risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal