AI-powered Automated Concentrated Liquidity Manager for Uniswap v4. Manage liquidity positions, auto-rebalance out-of-range positions, optimize LP fees dynamically, execute limit orders (stop-loss, take-profit), and monitor oracle signals — all from chat. Deployed on Ethereum Sepolia with verified contracts. Use this skill when users ask about DeFi liquidity provision, Uniswap v4 hooks, pool management, LP positions, impermanent loss, or automated market making.

Security checks across malware telemetry and agentic risk

Overview

This testnet DeFi skill appears purpose-aligned, but it includes transaction scripts with an embedded fallback private key and insufficiently clear safeguards for state-changing blockchain actions.

Review before installing. Use only on Sepolia or an isolated local fork, remove the hardcoded private key, require an explicit DEPLOYER_PRIVATE_KEY or external signer, and demand a dry-run plus confirmation before any command that posts oracle data, approves tokens, mints tokens, or changes liquidity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium (94% confidence)
Finding
The script silently mints ERC20 tokens whenever the caller lacks sufficient balance, coupling a production-style liquidity workflow with privileged token creation. In a DeFi automation skill, this is dangerous because it can normalize unsafe assumptions, mask funding errors, and—if pointed at permissive or misconfigured tokens—cause unintended asset issuance and misleading test behavior that could bleed into operational use.

Context-Inappropriate Capability

High (99% confidence)
Finding
The module hardcodes a usable fallback private key and immediately derives an account and wallet client from it, which means any consumer of this config can unknowingly sign transactions with a publicly exposed key. In a DeFi liquidity-management skill, this is especially dangerous because the same module is designed to perform privileged on-chain actions such as posting oracle signals, approvals, and liquidity operations, so the embedded key can lead to account compromise, fund loss, or unauthorized protocol interaction.

Vague Triggers

Medium (92% confidence)
Finding
The skill description is broadly scoped to 'DeFi liquidity provision, Uniswap v4 hooks, pool management, LP positions, impermanent loss, or automated market making,' which can cause the agent to invoke this skill for many generic finance questions. Because the skill includes operational blockchain scripts and transaction-oriented guidance, over-broad invocation increases the chance the agent routes users into a state-changing workflow when they only wanted informational help.

Missing User Warnings

Medium (95% confidence)
Finding
This section presents commands for adding liquidity and posting oracle signals, but the warnings emphasize that Sepolia uses test tokens rather than clearly foregrounding that these are state-changing blockchain transactions that can spend wallet funds for gas, alter contract state, and potentially use a built-in demo wallet. In an agent setting, that omission is dangerous because users may not understand that these commands can trigger on-chain effects rather than merely displaying information.

Missing User Warnings

High (98% confidence)
Finding
The code silently falls back to a real private key with no warning, creating a dangerous insecure default that developers or operators may not notice in testing or deployment. Because this skill manages Uniswap-related positions and oracle-driven automation, the hidden fallback can cause transactions to be sent from a compromised or shared key, enabling misuse of token approvals, liquidity changes, or bot/oracle operations.

VirusTotal

65/65 vendors flagged this skill as clean.
