ClawHub

superrare-mint

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed NFT minting helper that uses Bankr and SuperRare as described, but users should treat broadcasts and credential reuse as sensitive actions.

Install only if you intend to let this skill use a Bankr API key, upload selected art files and metadata to SuperRare, and mint NFTs when you explicitly run broadcast mode. Review the previewed chain, contract mode, contract address, receiver, royalty receiver, and token URI before using --broadcast or DRY_RUN=0.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill explicitly invokes shell scripts and external binaries (`cast`, `jq`, `curl`, `node`) yet does not declare corresponding permissions or capability boundaries. In an agent environment, this mismatch can cause the skill to run with broader-than-expected execution power, reducing reviewability and increasing the chance that networked shell actions occur without appropriate policy gating.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The library performs cross-skill credential and configuration discovery by searching multiple external locations such as ~/.openclaw/.../bankr/config.json and ~/.bankr/config.json, and even inspects the user systemd environment for BANKR_API_KEY. For a minting helper, this expands the trust boundary beyond the skill's own configuration and can silently reuse credentials from another skill or user context, enabling unintended account linkage or unauthorized API use if this skill is invoked in a broader agent environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script proceeds to invoke the minting path directly once metadata is prepared, and forwards any --broadcast flag to the downstream mint script without an explicit confirmation prompt or prominent warning about irreversible on-chain effects and transaction costs. In an agent skill context, this is more dangerous because an automation layer may trigger the command based on natural-language intent, increasing the risk of unintended minting, gas expenditure, or publishing to the wrong collection/receiver.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal