Back to skill

Security audit

Genlayer Dev Claw Skill

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only GenLayer developer skill whose risky examples are relevant to smart-contract development, but users should treat keys, LLM prompts, web fetches, and deploy/write commands carefully.

Install only if you want GenLayer development assistance. Review commands before running them, use localnet or testnet first, confirm the active network and account before deploy/write operations, do not paste real private keys into shared terminals, and avoid sending secrets, personal data, internal URLs, or sensitive logs through LLM or web-render examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (11)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README encourages deployment workflows and use of deploy/write commands but does not warn that these actions can modify on-chain state, consume funds, or create irreversible effects. In a skill meant to guide AI assistants, omission of such safety context can cause an agent or user to execute impactful commands without understanding the consequences.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README advertises LLM calls and web access, and the example sends user-provided text into `gl.nondet.exec_prompt()` without any privacy or data-handling warning. This is dangerous because users or agents may pass sensitive input to remote nondeterministic services or external providers, causing unintended disclosure outside the local execution environment.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill prominently teaches contracts that send user-supplied text to LLMs and fetch arbitrary web content, but it does not clearly warn that these operations may transmit sensitive data to third-party services or untrusted endpoints. In this context, users may copy business logic, prompts, secrets, or personal data into examples and unknowingly exfiltrate them during development or contract execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The deployment and interaction sections provide direct commands for deploying contracts and invoking write methods, but they omit warnings that these actions can mutate blockchain state, spend funds/fees, and be difficult or impossible to reverse once finalized. In a smart-contract skill, this omission is especially risky because users may execute commands against testnet or other non-local environments without understanding transactional consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation includes a private-key import command without any warning about the sensitivity of the credential or safer handling practices. Users may paste production keys into shell history, shared terminals, logs, or screenshots, leading to full compromise of the associated blockchain account and irreversible asset loss.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The environment-variable example shows an API key assignment without warning that environment variables can be exposed through shell history, process inspection, CI logs, or misconfigured dotfiles. While not immediately exploitable on its own, this normalizes unsafe secret handling and can lead to credential leakage and unauthorized API use.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
These examples instruct users to fetch live web content and process it on-chain via `gl.nondet.web.render()` and LLM parsing, but they do not warn that external requests and fetched content may expose user-supplied URLs, contract context, or retrieved third-party data to external services. In documentation, this omission can lead developers to copy unsafe patterns into production without considering privacy, data provenance, SSRF-like URL abuse, or reliability risks from untrusted remote content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The examples send user requests and fetched page content directly into `gl.nondet.exec_prompt()` without any warning that prompts may disclose user-provided data and surrounding contract state to an LLM execution environment. As documentation, this is risky because developers may replicate the pattern while overlooking privacy, prompt-injection, and model-manipulation concerns when handling sensitive or attacker-controlled content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation presents `gl.nondet.web.render` as a simple fetch primitive but does not warn that calling it transmits data to external endpoints and may retrieve untrusted content. In a smart contract or agent setting, this can lead developers to unintentionally leak sensitive inputs or build logic on attacker-controlled remote data without understanding the privacy and trust implications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The `gl.nondet.exec_prompt` documentation shows sending prompt content to an LLM without disclosing that user input, contract data, or other embedded context may leave the local execution environment. That omission can cause developers to pass sensitive or regulated data into prompts and trust model output without accounting for privacy, retention, or prompt-injection risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The API reference documents `gl.vm.run_nondet_unsafe` with only a brief note and does not prominently explain the security tradeoff of removing sandbox protections for validators. Developers may adopt it for convenience or performance without understanding that validator-side faults and unsafe execution semantics can weaken safety guarantees and increase consensus or availability risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.