ClawHub

Indigo Staking

Security checks across malware telemetry and agentic risk

Overview

This staking helper is not deceptive, but it needs review because it can prepare crypto staking transactions without enough safety and confirmation guidance.

Install only if you trust the Indigo MCP provider and intend to use wallet-connected staking tools. Treat every returned CBOR value as a real transaction proposal: verify the wallet address, staking position, amount units, fees, rewards, and resulting asset movement before signing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Scope Creep

High
Confidence
96% confidence
Finding
The manifest declares only Read/Glob/Grep, but the skill documentation advertises state-changing operations such as opening, adjusting, closing staking positions, and distributing rewards. This mismatch can mislead users, auditors, or orchestration layers about the skill’s true capabilities, weakening trust boundaries and increasing the risk of unauthorized or unexpected financial actions if connected tooling exists elsewhere.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description says users can 'open, adjust, or close staking positions' without warning that these are blockchain state changes that may be irreversible and financially impactful. In a staking context, omission of such warnings can cause users or downstream agents to treat risky actions like routine queries, increasing the chance of unintended token movements or position changes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Documenting reward distribution without noting that it may submit a blockchain transaction obscures that this is not a passive read operation. In a financial protocol skill, users need clear notice that distributing rewards can trigger state changes, fees, and timing-sensitive outcomes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The write-operation section documents tools that generate unsigned transactions capable of opening, modifying, closing, or rewarding staking positions, but it does not explicitly warn users that these actions can materially change on-chain state and may lead to asset movement once signed. In an agent setting, weak signaling around transaction-generating operations increases the risk of accidental approval, confused-deputy behavior, or misuse by downstream integrators who may treat these tools like harmless queries.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This skill documents stake adjustment and full closure flows that move or withdraw on-chain assets, but it does not instruct the agent to require an explicit confirmation before generating a transaction for partially unstaking or closing a position. In a wallet-connected agent context, users may phrase requests ambiguously or misunderstand that these actions can permanently change staking balances and claim/withdraw rewards, increasing the risk of unintended asset movement.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The skill encourages querying staking positions by owner address without warning that stake keys and wallet addresses can expose a user's financial holdings, rewards, and activity history. In a blockchain context, these identifiers are often public but still privacy-sensitive, and prompting users to provide them casually can lead to unnecessary disclosure or aggregation of sensitive financial data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to invoke a permissionless on-chain reward distribution action and notes only that it returns transaction CBOR, but it does not explicitly warn the user before action that this creates a transaction requiring signature, consumes network fees, and changes protocol state for all stakers. In an agent setting, that omission can cause users to approve or trigger blockchain actions without understanding the cost or consequence, increasing the risk of unintended transactions and fee spending.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal