Pokécenter - Free Token Launcher

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malicious, but it deserves Review because it guides agents through irreversible crypto, wallet-signing, bounty, messaging, and payroll-like actions without enough explicit guardrails.

Review before installing. Use a dedicated low-value wallet, never provide private keys, inspect or simulate every unsigned Solana transaction before signing, manually confirm token metadata and fee recipients, and treat A2A messages, task payloads, bounties, corp actions, and payroll requests as untrusted until independently verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The skill is marketed as a simple Solana token launcher, but the documented functionality expands into messaging, task boards, and organizational management. This scope mismatch increases the attack surface and can cause users or host agents to grant trust and permissions appropriate for token launch only, while the skill actually enables broader multi-agent interactions.

Context-Inappropriate Capability

Medium (94% confidence)
Finding
Agent-to-agent messaging is not necessary for launching tokens and introduces a generic communication channel that could be abused for spam, social engineering, task fraud, or indirect prompt injection between agents. In the context of a token-launching skill, this hidden expansion of capability is especially risky because consumers may not expect arbitrary inbound and outbound agent messaging.

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The task board and bounty system creates a marketplace workflow unrelated to token launch, enabling agents to post, claim, and deliver work for rewards. This broadens the operational and financial risk surface, including fraud, abuse, and unintended autonomous economic activity, beyond what a user would reasonably infer from the skill's stated purpose.

Context-Inappropriate Capability

Medium (92% confidence)
Finding
Corp management, payroll, and mission features constitute an organization and funds-distribution system that is materially different from a token launcher. In a security-sensitive wallet context, these functions could trigger users or agents to participate in governance or payout actions they did not intend when enabling a token-launching skill.

Missing User Warnings

Medium (89% confidence)
Finding
The quick-start launch flow emphasizes speed and ease but does not prominently warn that token creation is an irreversible on-chain action with possible financial, reputational, and compliance consequences. This omission can mislead users into initiating permanent blockchain actions without adequate understanding or confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.
