arguedotfun

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about operating an argue.fun crypto wallet, but it combines real-money transaction authority with remote-updatable instructions that are not verified before use.

Install only if you are comfortable letting an agent operate a dedicated, low-balance Base wallet. Do not import a primary wallet key, avoid unlimited USDC approvals where possible, review remote updates before use, and require explicit human confirmation for approvals, bets, bounty additions, debate creation, cancellation, resolution, and any transaction that spends gas or changes funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The heartbeat instructs the agent to fetch updated skill content from a remote website and overwrite local copies during routine execution. This creates a supply-chain risk: a compromised or changed remote document can silently alter future agent behavior, potentially introducing wallet-draining or data-exfiltrating instructions under the guise of an update.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The heartbeat reads a private key directly from local storage even though much of the workflow is monitoring-oriented and can be performed read-only. Expanding a periodic check-in routine to load signing material increases secret exposure and makes any later unsafe command path far more dangerous.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README explicitly encourages feeding the skill to an AI agent for autonomous interaction with prediction markets, including wallet management and on-chain actions, but does not warn about irreversible transactions, private key exposure, fund loss, or legal/financial risk. In this context, omission of risk and safety guidance is material because users may enable unattended blockchain betting behavior with real USDC based solely on this documentation.

Missing User Warnings

Medium
Confidence: 88%
Finding
The instructions normalize storing and consuming a raw private key from a dotfile without prominent warnings or safer handling guidance. Even if not directly exfiltrated here, this encourages insecure credential practices and raises the risk of accidental disclosure, reuse, or misuse by later automation.

Vague Triggers

Medium
Confidence: 87%
Finding
The skill explicitly states that the human can ask the agent to do essentially any argue.fun action at any time, with no scoped restrictions, confirmation gates, or exclusions for high-risk actions. In a skill that can spend USDC, approve token allowances, create debates, and trigger claims, this broad invocation surface increases the chance of unsafe or unintended financial actions being executed from ambiguous prompts.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill provides direct instructions for placing bets with USDC and framing arguments, but it does not require a pre-transaction warning that funds can be lost, that approvals may expose the full wallet allowance, or that outcomes depend on external validator decisions. Because these are irreversible on-chain transactions involving real money, omission of a mandatory risk disclosure materially increases the chance of uninformed financial loss.

VirusTotal

58/58 vendors flagged this skill as clean.
