ClawHub

Zerion Api

Security checks across malware telemetry and agentic risk

Overview

This Zerion skill is a transparent wallet-data lookup integration, but wallet queries can reveal sensitive financial behavior to a third-party service.

Install only if you are comfortable sending wallet addresses and related query context to Zerion's remote MCP service. Use a dedicated, least-privilege Zerion API key and avoid analyzing customer-linked or personally linked wallets unless you have authorization and an appropriate legal or compliance basis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly encourages analysis of wallet addresses, transaction history, NFT holdings, and customer or competitor data through a remote HTTP API, but provides no privacy warning, consent guidance, or limitations on handling potentially sensitive financial-behavior data. Even though blockchain data is often public, aggregating and operationalizing it through an MCP skill materially lowers the barrier to profiling individuals or organizations, increasing privacy and misuse risk.

VirusTotal

44/44 vendors flagged this skill as clean.

View on VirusTotal