agent ultimate bots

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed automated DeFi bot, but it can use private keys to make irreversible transactions and swaps without enough user control or safety warnings.

Install only if you understand it is a high-risk wallet automation tool. Use a fresh testnet or low-value wallet, do not use a funded mainnet private key, review router and token addresses, add manual confirmation and slippage limits before any swap, and stop the running process when testing is complete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This code autonomously performs blockchain transactions and token swaps using private keys loaded from the environment, with no user confirmation, authorization workflow, or stated business purpose. In an agent skill context, unsolicited financial operations are especially dangerous because they can directly spend funds, incur gas costs, and interact with arbitrary on-chain contracts under automated control.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill makes outbound network requests to external services without a clearly justified purpose tied to an approved skill function. In an agent setting, unnecessary network access expands the attack surface, leaks operational metadata, and can be combined with autonomous decision-making to drive risky behavior based on untrusted external inputs.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The comment describes the swap logic as a dApp, but the implementation is actually an autonomous trading routine selected by randomized behavior and strategy checks. This mismatch can mislead reviewers or users about the true behavior of the skill, reducing informed consent and obscuring the financial risk of unattended on-chain actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly advertises automatic blockchain transactions and dApp interaction, which can directly trigger financial loss, wallet approvals, or on-chain actions if used improperly. The documentation does not clearly warn about private key exposure, irreversible transactions, allowance risks, or the need for explicit confirmation before execution, making the skill more dangerous in this DeFi context.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
Private keys are ingested directly from environment variables and then used to create live wallets capable of sending transactions. While loading secrets from environment variables is common, in this file the keys are immediately bound to autonomous financial actions without any warning, isolation, or safer signing design, increasing the chance of silent misuse or accidental loss.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code sends transactions and executes swaps automatically, without any interactive confirmation or explicit user acknowledgement. In a skill environment, this is highly dangerous because it can spend assets repeatedly, incur gas fees, and execute trades based on random selection and simplistic logic, all without operator awareness at execution time.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code generates a real Ethereum wallet and prints its private key directly to console output. Console logs are commonly captured by terminals, shell history tools, CI pipelines, container logs, and monitoring systems, so anyone with log access can immediately take control of the wallet and drain any funds sent to it.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"license": "ISC",
  "type": "commonjs",
  "dependencies": {
    "axios": "^1.15.2",
    "dotenv": "^17.4.2",
    "ethers": "^6.16.0"
  }
Confidence
88% confidence
Finding
"axios": "^1.15.2"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"type": "commonjs",
  "dependencies": {
    "axios": "^1.15.2",
    "dotenv": "^17.4.2",
    "ethers": "^6.16.0"
  }
}
Confidence
88% confidence
Finding
"dotenv": "^17.4.2"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "axios": "^1.15.2",
    "dotenv": "^17.4.2",
    "ethers": "^6.16.0"
  }
}
Confidence
90% confidence
Finding
"ethers": "^6.16.0"

VirusTotal

65/65 vendors flagged this skill as clean.
