Bifrost Slpx skills

Security checks across malware telemetry and agentic risk

Overview

This Bifrost staking skill is coherent and disclosed, but it can use a configured wallet to make real on-chain transactions, so users should approve actions carefully.

Install only if you intend to use Bifrost SLPx workflows and trust the external `@bifrostio/slpx-cli` package. Use a limited-balance wallet, keep private keys out of chat and logs, and approve mint, redeem, or claim only after verifying the chain, wallet, action, amount, and expected result.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 86%
Finding
The skill explicitly says to use itself whenever the user mentions broad concepts like liquid staking, LST yields, staking APY/TVL comparison, or claiming after redeem, even if they do not mention the CLI or skill. That can cause over-selection on generic DeFi/staking requests and route users into a tool that supports on-chain actions, increasing the chance of inappropriate invocation and unintended transaction-oriented guidance.

Missing User Warnings

Medium
Confidence: 94%
Finding
The `claim` command is a state-changing on-chain action that can broadcast a transaction, but unlike `redeem`, the documentation does not require explicit user confirmation before proceeding. In an agent setting, that omission increases the risk that an autonomous workflow executes a claim from the default signing wallet without a clear user approval step, causing unintended fund movement and gas expenditure.

VirusTotal

62/62 vendors flagged this skill as clean.
