GlueX

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Solana Devnet CLI, but it reads a local wallet key and can submit blockchain transactions without confirmation prompts.

Install only if you are comfortable with an agent using a Solana keypair. Use a dedicated Devnet-only wallet with no real funds, verify the GlueX program ID and IDL from the source repository, and require manual review before any publish, claim, or approve command is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs the user to install Node dependencies and run blockchain-interacting CLI commands, including a continuous WebSocket listener, which requires network access, yet no corresponding permissions are declared in the skill metadata. This creates a trust and sandboxing gap: operators may approve or execute the skill without understanding it can make outbound connections and interact with external blockchain infrastructure.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The CLI exposes a `publish-bounty` command that creates on-chain bounties, but this capability is not reflected in the stated skill behavior presented to users. That mismatch is dangerous because agents or operators may invoke the skill assuming it only listens/claims/approves tasks, while it can also spend funds to create new obligations on-chain.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script automatically reads the user's default Solana private key from `~/.config/solana/id.json` with no upfront disclosure, prompt, or opt-in. In an agent-skill context, this is risky because merely running the tool grants signing authority over a real wallet, increasing the chance of unintended transactions using the operator's existing identity and funds.

Missing User Warnings

High
Confidence
98% confidence
Finding
The `approve-bounty` flow constructs and submits a transaction that verifies a bounty, transfers rewards, and records a social connection without any explicit confirmation or transaction preview. In this skill's context, that is especially dangerous because the command directly authorizes fund movement from the user's wallet, so a mistaken parameter, malicious automation, or user misunderstanding can cause irreversible on-chain loss.

Session Persistence

Medium
Category
Rogue Agent
Content
```
- **Security Requirement**: Autonomous Agents need a Solana Keypair funded with Devnet SOL to run transactions.
  - Create one: `solana-keygen new -o ~/.config/solana/id.json --no-bip39-passphrase`
  - Get Devnet SOL: `solana airdrop 2 ~/.config/solana/id.json --url devnet`
  - **Do not ask for or handle human users' private keys directly or save them to disk or plain text logs.**
```
Confidence
88% confidence
Finding
Create one: `solana-keygen new -o ~/.config/solana/id.json --no-bip39-passphrase` - Get Devnet SOL: `solana airdrop 2 ~/.config

VirusTotal

65/65 vendors flagged this skill as clean.