Clawlett

Security checks across malware telemetry and agentic risk

Overview

Clawlett fits its wallet-trading purpose, but it needs Review because some real-money actions can execute without the documented preview gate and it stores powerful local wallet/session secrets.

Review carefully before installing. Use a small, purpose-limited Safe, verify Zodiac Roles permissions, protect config/agent.pk and wallet.json like wallet secrets, confirm fees and contract addresses before execution, and do not run Trenches create/buy/sell commands unless you intend immediate on-chain action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium, 95% confidence
Finding
The trigger phrase "update to latest" is very broad and can cause the migration workflow to activate in contexts where the user did not clearly intend a repository version migration. Because the documented behavior includes fetching tags, checking out a new version, and potentially guiding on-chain permission changes, an ambiguous trigger increases the risk of unintended code changes or of socially engineering the user into sensitive upgrade steps.

Missing User Warnings

Medium, 98% confidence
Finding
The script writes backend session cookies into wallet.json alongside wallet metadata, which creates a local bearer-token exposure. Any local user, malware, backup system, CI artifact, or accidental commit that can read the config directory may reuse those cookies to access backend-authenticated endpoints as the agent without re-signing a challenge.

Missing User Warnings

Medium, 90% confidence
Finding
The script reads a raw private key from a local file and immediately uses it to sign on-chain transactions. In an agent-skill context, this is dangerous because filesystem compromise, accidental key exposure, weak file permissions, or reuse of the key by other automation can lead to unauthorized transactions through the configured Roles module, potentially draining assets or abusing delegated permissions.

Missing User Warnings

Medium, 91% confidence
Finding
The skill reads an arbitrary local file path and uploads the file contents to a remote service at `TRENCHES_API_URL` once `--image` is provided. In an agent setting, this creates an exfiltration risk: a prompt or workflow could coerce the agent into sending sensitive local files to an external API, and the code provides no path restrictions, confirmation step, or explicit warning about remote transfer.

VirusTotal

63/63 vendors flagged this skill as clean.