ClawHub

Cardano Balances

Security checks across malware telemetry and agentic risk

Overview

This balance-checking skill asks for a full Cardano wallet seed phrase and installs a wallet server with broader wallet authority, so it needs review before use.

Review carefully before installing. Do not provide a production Cardano seed phrase unless you have audited and trust the MCP package and runtime. Prefer a watch-only setup or a dedicated low-value wallet, pin or review the package version, keep the seed phrase out of prompts/logs/project files, and require explicit confirmation before displaying or using wallet data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly requires a wallet seed phrase in environment variables, which is highly sensitive secret material, but it provides no warning about the privacy and security implications of exposing wallet-derived balances, addresses, and UTxOs. In this context, the skill is more dangerous because it targets live blockchain wallet data tied to a secret that can control funds, so users may enable it without understanding the exposure risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document exposes capabilities to retrieve wallet balances, all wallet addresses, and full UTxO sets without any warning that this data is privacy-sensitive and can be used to profile a user's holdings and on-chain activity. In the context of a wallet-connected skill, these endpoints materially increase surveillance and targeting risk if invoked without clear user awareness, consent, and minimization.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal