MoltsPay

Security checks across malware telemetry and agentic risk

Overview

This crypto wallet skill is mostly transparent about what it does, but it asks an agent to handle real wallet secrets and financial flows with weak safeguards and pressure-style funding prompts.

Review carefully before installing. Do not use this with real funds unless you are comfortable with plaintext local wallet secrets, external sharing of wallet and transaction data, recurring network checks, and an agent-facing setup flow that prompts a human to send crypto. Prefer an audited wallet or encrypted key store and require explicit approval for any display, registration, withdrawal, transaction recording, or funding request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill instructs the agent to launch local GUI applications and invoke OS-specific commands solely to display QR codes, which is unnecessary for core wallet management and expands host-side capabilities. This creates avoidable risk by causing local side effects, triggering unreviewed desktop interactions, and normalizing command execution on the user’s machine.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The documented flow extends beyond wallet setup into asking the human owner to send funds and registering with a separate external marketplace, which is not necessary for a wallet manager. This broadens the skill’s operational scope into solicitation and third-party onboarding, increasing social-engineering and privacy risk.

Missing User Warnings

High
Confidence: 99%
Finding
The skill tells users to store private keys and mnemonics in plaintext local JSON without strong warnings, encryption, or access-control guidance. If that file is read by other local processes, backups, malware, or accidental sharing, the wallets can be fully compromised and funds irreversibly stolen.

Missing User Warnings

Medium
Confidence: 90%
Finding
The registration and balance APIs send agent identifiers and wallet addresses to a remote service without clear privacy disclosures, retention details, or consent framing. Even though only public addresses are shared, linking them to an agent identity creates trackable profiles and exposes financial metadata to a third party.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill mandates opening QR codes and displaying wallet addresses on-screen without warning that these are sensitive financial identifiers that can be photographed, screen-captured, or exposed in shared environments. Forced display increases the chance of unintended disclosure and can facilitate unsolicited transfers or privacy loss.

Ssd 4

High
Confidence: 97%
Finding
The narrative deliberately steers from wallet setup into a required flow that ends with displaying payment QR codes and asking the owner to 'send a small amount to get me started.' In context, this functions as a social-engineering pattern that pressures the human into funding the agent under the guise of setup completion.

VirusTotal

66/66 vendors flagged this skill as clean.
