ClawHub

Gotchi DAO Voting

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it can cast real DAO votes and reuse Bankr credentials from broad local sources without a final confirmation step.

Install only if you intend this agent to vote on Aavegotchi DAO Snapshot proposals. Before use, replace the bundled wallet with your own, supply BANKR_API_KEY explicitly for this workflow, run --dry-run first, and verify the proposal ID, choice, voting power, wallet, and endpoints before allowing a live submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no explicit permissions while its metadata and documented behavior clearly require shell execution and external network interactions via curl/jq and Bankr/Snapshot APIs. This mismatch can bypass user or platform expectations about what the skill is allowed to do, reducing transparency and making risky actions like vote submission via external signing flows easier to invoke without adequate review.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill retrieves BANKR_API_KEY not only from its explicit environment variable but also from the user's systemd user environment and from unrelated Bankr config files under the user's home directory. This broad secret discovery behavior violates least-privilege expectations and can silently repurpose credentials from other contexts, increasing the risk of unintended account use or cross-skill secret exposure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to run a command that will submit a real Snapshot vote, but it does not clearly warn that this is a live governance action with meaningful consequences and limited practical reversibility. In a voting automation skill, omission of an explicit warning increases the risk of accidental or uninformed submission, especially because the workflow presents the real vote command immediately after a dry-run example.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code sources a sensitive API key from ambient environment and local files without any user-facing notice, consent, or confirmation. In an agent-skill setting, silent secret harvesting is risky because users may not realize this skill can access credentials intended for another tool or workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal