Nexwave Gateway

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate testnet Circle Gateway skill, but it gives scripts wallet-creation, signing, and transaction authority with limited user confirmation.

Review before installing or running. Use testnet-only, least-privilege Circle credentials, keep the entity secret out of logs and source control, and inspect the fixed amounts, chains, and recipient before running deposit.js or transfer.js. Do not connect this to production wallet sets or credentials unless confirmation gates, transaction limits, and explicit wallet-creation controls are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill declares required environment secrets and instructs users to run scripts that access external Circle APIs and blockchain networks, but it does not declare corresponding permissions. This creates a transparency and sandboxing gap: agents or users may grant and execute network and env access without an explicit permission contract, increasing the risk of secret exposure or unintended external actions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The init() routine performs automatic wallet creation for any missing chain in the configured wallet set, which is a state-changing action beyond passive discovery and may exceed the user-visible skill description. In an agent setting, this can trigger unintended account provisioning, operational side effects, and surprise resource creation without explicit operator consent, making the behavior security-relevant even if not overtly malicious.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README instructs users to export sensitive Circle credentials and then run scripts that can move funds, but it does not warn about secure secret handling, least-privilege API usage, environment leakage, or the transactional consequences of the commands. In an agent-skill context, this is more dangerous because users may copy-paste setup steps into automated environments where logs, shell history, or shared runtimes can expose credentials and trigger unintended deposits or transfers.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The code automatically creates missing wallets during initialization with only a console log, providing no confirmation gate, dry-run mode, or explicit warning before invoking createWallets(). In a security-sensitive wallet skill, silent state mutation is dangerous because an agent or caller may trigger infrastructure changes unintentionally, undermining least surprise and reducing operator control over wallet lifecycle management.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The script performs a full fund-moving workflow—signing burn intents, submitting them to the Gateway API, and minting on the destination chain—without any interactive confirmation, policy check, or dry-run gate immediately before execution. In an agent skill context, this is dangerous because invoking the skill can cause real asset movement automatically, increasing the risk of accidental transfers, prompt-influenced misuse, or unauthorized execution if the skill is triggered by higher-level automation.

VirusTotal

66/66 vendors flagged this skill as clean.
