ClawHub

Indigo Redemption

Security checks across malware telemetry and agentic risk

Overview

This DeFi skill is purpose-aligned, but it needs Review because it can guide unsigned blockchain transactions and financial estimates without enough explicit safety controls.

Install only if you understand Indigo/Cardano transaction review. Do not sign generated transactions unless you have independently checked the affected ROB UTxO, address, oracle/iAsset references, amounts, and expected asset movements. Treat queue timing or fill-rate estimates as unreliable unless a documented data source supports them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Low
Confidence
92% confidence
Finding
The example instructs the agent to report a recent fill rate and estimated time to fill even though the documented tool only returns aggregated queue depth. This creates a capability mismatch that can cause the agent to fabricate unsupported financial analytics, misleading users into making trading or redemption decisions based on invented data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The file documents multiple state-changing blockchain operations that return unsigned CBOR transactions, but it does not warn users that these calls can construct transactions that move funds, alter open positions, or rely on precise UTxO/oracle inputs. In a wallet or agent setting, lack of explicit safety guidance increases the risk of users blindly signing harmful, stale, or manipulated transactions, especially for redemption, cancellation, and adjustment flows tied to on-chain assets.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal