ClawHub

K3 Blockhain Agent Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for K3 blockchain automation, but it can deploy persistent workflows that trade, transfer tokens, or write smart contracts without strong required approval and limit controls.

Review carefully before installing. Use this skill mainly for reporting and monitoring unless you are ready to supervise live automations. Before any workflow can trade, transfer tokens, use Coinbase/Uniswap/Hyperliquid, write smart contracts, or post to external services, require an explicit final approval with the exact chain, contracts, wallet addresses, recipients, amounts, limits, trigger conditions, and a clear pause/disable path. Use least-privilege integrations and avoid connecting unnecessary accounts or credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger guidance is extremely broad and explicitly says to use the skill whenever the user mentions many common blockchain topics, including vague phrases like 'monitor this wallet' or 'track this token.' That creates a real risk of unintended invocation in ordinary discussion, causing the agent to enter an operational workflow-building mode when the user may only want information, which can lead to unnecessary tool use and higher-risk actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill repeatedly instructs the agent to build, deploy, run, and verify workflows that can fetch data, send notifications, and even execute blockchain actions such as swaps or contract writes, but it does not require explicit user confirmation or present safety warnings before high-impact operations. In a blockchain context, unintended execution can have financial, privacy, messaging, and operational consequences, making the omission materially dangerous.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation encourages connecting external services via MCP with authentication credentials but provides no warning about credential scope, trust boundaries, or data exposure. In a workflow platform where AI agents and integrations can access third-party systems, this omission can lead users to over-grant permissions or send sensitive data to untrusted endpoints.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The write-operation documentation describes blockchain state-changing actions without warning that transactions are irreversible, may move value, and can incur gas costs or trigger permanent loss if misconfigured. In this skill's blockchain automation context, users may treat these actions as routine workflow steps and accidentally authorize harmful contract interactions.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation presents autonomous trading features as normal workflow nodes without disclosing market risk, slippage, liquidation, volatility, API/account compromise consequences, or the danger of AI-driven execution loops. Because this skill is explicitly for automated blockchain and DeFi workflows, the lack of warnings materially increases the chance that users enable real-money trading without adequate controls.

Missing User Warnings

High
Confidence
97% confidence
Finding
The token transfer section describes automated asset movement without warning about irreversible transfers, address poisoning, wrong-chain mistakes, or destination validation. In a platform designed for triggered automation, this can directly lead to unauthorized or accidental fund movements if users configure transfers based on noisy inputs or AI decisions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal