Erc8004 Register

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate ERC-8004 registration tool, but it asks users to expose wallet secrets and can submit blockchain transactions without enough safety guardrails.

Install only if you are comfortable giving this tool signing authority for a wallet. Use a dedicated low-value wallet, verify the selected chain and registry address before running register/update/fix, avoid exporting primary wallet secrets in shared shells or logs, and treat info/validate/self-check as networked actions that may contact RPC providers, Agentscan, and metadata-supplied URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The self-check flow contacts a third-party Agentscan API to enumerate all agents associated with the user's wallet, which goes beyond the core on-chain registry operations described by the skill. This creates an unnecessary privacy leak because wallet-linked activity and ownership data are disclosed to an external service, and results become dependent on off-chain indexing that may be incomplete or manipulated.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The metadata decoder automatically fetches arbitrary HTTP(S) URLs embedded in tokenURI values, so viewing or validating an agent can trigger outbound requests to attacker-controlled endpoints. This can leak the operator's IP address and usage patterns, and can be abused for network probing or to make the tool trust unbounded off-chain content during a registry operation.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The wallet-wide discovery feature sends the configured wallet address to an external indexing service and builds a portfolio-style inventory of the user's agents across networks. For a registration CLI, this is broader than necessary and increases privacy and surveillance risk, especially because users must configure a signing wallet for the tool to work.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README instructs users to export a mnemonic or private key directly into environment variables without any accompanying warning about secret-handling risks. While this is a common setup pattern for blockchain tooling, documenting raw wallet secrets this way can normalize unsafe operational practices, especially for less experienced users who may use funded primary wallets, shell histories, shared terminals, or insecure environments.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill instructs users to place a mnemonic or private key in environment variables without any safety guidance, despite enabling on-chain registration and update actions. Exposed shell history, process environments, logs, CI systems, or shared hosts can leak these secrets, allowing full wallet compromise and unauthorized blockchain transactions.

Missing User Warnings

Medium
Confidence: 92%
Finding
Remote HTTP(S) metadata retrieval happens implicitly during decode/validation logic without clearly informing the user that their machine will contact external hosts. That lack of disclosure matters because token metadata can be attacker-controlled, turning routine inspection into involuntary outbound traffic and metadata exfiltration.

Missing User Warnings

Medium
Confidence: 91%
Finding
Validation performs unsolicited HEAD requests to image URLs found in agent metadata, which may be attacker-controlled. Even though this is framed as validation, it leaks network metadata to external servers and may trigger requests to internal or sensitive endpoints if the tool runs in a privileged environment.

Missing User Warnings

Medium
Confidence: 89%
Finding
The self-check feature derives the wallet address from the configured signing credentials and sends related lookup activity to a third-party API without an explicit privacy notice. This can expose the user's holdings and operational behavior to an external party, which is especially sensitive in a wallet-management tool.

VirusTotal

66/66 vendors flagged this skill as clean.
