USD1 Transaction

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do its advertised testnet crypto transfer, but it needs review because it takes a raw wallet private key and can send funds without a separate confirmation step.

Install only if you understand that providing the private key authorizes blockchain transfers. Use throwaway testnet wallets, never provide a reused or mainnet private key, and manually verify the recipient, amount, chain, and actual token before running it. Prefer a version that uses a wallet or delegated signer and requires an explicit confirmation before broadcasting any transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding:
The skill executes a USDC transfer but reports success as a transfer of USD1, creating a mismatch between the actual asset moved and the user-facing confirmation. This can mislead operators, impair auditing, and cause users to approve or rely on incorrect transaction outcomes in a financial workflow.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The skill requests a raw private key as input and directly uses it to authorize a token bridge transfer. Accepting secret key material in normal parameters is highly dangerous because it exposes users to credential theft, accidental logging, unsafe storage, and unauthorized fund movement if the skill or surrounding platform is compromised.

Missing User Warnings

Severity: High
Confidence: 95%
Finding:
The code performs an irreversible token bridge transfer immediately once parameters are provided, with no visible confirmation step, transaction preview, recipient verification, or safety interlock. In an agent setting, this increases the chance of accidental or manipulated transfers to attacker-controlled addresses, with little opportunity for recovery after execution.

Natural-Language Policy Violations

Severity: Low
Confidence: 96%
Finding:
This lockfile includes a dependency declaration whose own metadata explicitly warns that the cryptographic library contains security-relevant bugs and that private keys may be at risk. Even though this is not malicious code in the lockfile itself, shipping a package set that knowingly includes a deprecated crypto dependency is a real supply-chain security issue, especially in a blockchain transfer project where key handling is sensitive.

Natural-Language Policy Violations

Severity: Low
Confidence: 97%
Finding:
A second transitive dependency instance also carries explicit upstream metadata stating that known cryptographic bugs may endanger private keys. In the context of cross-chain and wallet-related software, retaining a dependency with acknowledged cryptographic weakness materially increases risk of key compromise or unsafe signing behavior.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  "license": "ISC",
  "type": "commonjs",
  "dependencies": {
    "@wormhole-foundation/sdk": "^4.9.1",
    "@wormhole-foundation/sdk-base": "^4.9.1"
  }
}
Confidence: 93%
Finding:
"@wormhole-foundation/sdk": "^4.9.1"

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  "type": "commonjs",
  "dependencies": {
    "@wormhole-foundation/sdk": "^4.9.1",
    "@wormhole-foundation/sdk-base": "^4.9.1"
  }
}
Confidence: 93%
Finding:
"@wormhole-foundation/sdk-base": "^4.9.1"

VirusTotal

65/65 vendors flagged this skill as clean.
