ClawHub

Wallet Guard

Security checks across malware telemetry and agentic risk

Overview

This is a coherent read-only Web3 safety checker, with the main caveat that wallet addresses, contract addresses, and URLs are checked through external Antalpha/GoPlus-backed services.

Install only if you are comfortable sending wallet addresses, contract addresses, approval targets, and URLs to Antalpha/GoPlus-backed services for analysis. Use limited-purpose GoPlus credentials if you provide them, specify chains when possible to reduce unnecessary scans, and treat results as risk guidance rather than a guarantee of safety.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README encourages users to submit wallet addresses, contract addresses, and URLs for analysis, but it does not clearly disclose that these inputs are sent to external Antalpha/GoPlus services. This creates a privacy and consent problem: users may unknowingly transmit sensitive behavioral or financial metadata to third parties, which is especially relevant in a Web3 security context where addresses and sites can reveal holdings, activity, and security posture.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill routes highly sensitive user-supplied data—wallet addresses, contract addresses, and URLs—to an external MCP endpoint, but the description does not clearly disclose that transfer. In a Web3 security context, users may assume analysis is local or first-party; undisclosed third-party transmission can expose financial relationships, holdings, browsing targets, and investigation intent, creating privacy and trust risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal