ClawHub

Blowfish Launch

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it asks an agent process to use a full Solana wallet private key for real token-launch and fee-claim actions without enough safety scoping or warnings.

Review before installing or running. Use only a dedicated low-value Solana wallet, avoid putting the private key in shell history, verify the Blowfish API endpoint and publisher, install dependencies deliberately, and manually confirm every launch or fee-claim action before the agent submits it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation instructs use of environment variables containing a Solana private key and outbound network access, but no explicit permissions are declared for those capabilities. In an agent environment, undeclared access to secrets and external APIs reduces transparency and can lead to unintended credential exposure or execution of sensitive actions without adequate user awareness.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill tells users to place an ed25519 private key in WALLET_SECRET_KEY but does not include an explicit warning about the sensitivity of that secret or safe handling practices. In the context of a blockchain wallet, compromise of this key can enable unauthorized signing and loss of control over assets associated with the wallet.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation describes launching tokens and claiming fees without a clear warning that these are real, irreversible on-chain or asset-affecting actions. In a crypto context this is especially dangerous because users may trigger token deployment, fee claims, or related transactions without understanding the financial consequences, transaction costs, or permanence.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documented `/api/v1/tokens/launch` endpoint performs a real on-chain token creation action, but the reference provides no warning that invoking it creates a live asset with potentially irreversible financial and reputational consequences. In an agent skill that is explicitly designed to trigger on natural-language requests like 'launch token' or 'create token', this omission increases the risk that an autonomous or semi-autonomous agent executes a high-impact transaction without clear user confirmation or informed consent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The fee-claiming endpoint initiates a value-affecting action by moving or realizing accumulated trading fees, yet the documentation does not warn that this should be treated as a sensitive operation requiring deliberate user approval. In the context of an agent skill that can act on behalf of an authenticated wallet, lack of warning or confirmation guidance raises the chance of unintended financial actions being performed automatically.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script loads a full Solana wallet secret key directly from the WALLET_SECRET_KEY environment variable and immediately uses it to sign an authentication challenge for a third-party API. In an agent/skill context, this is dangerous because environment variables are often broadly accessible to runtime tooling, logs, crash reports, subprocesses, and misconfigured integrations, and the skill gives no explicit warning that a highly sensitive private key is required to perform the action.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal