DAO Governance

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed DAO research helper that can optionally create and use a small dedicated crypto wallet for paid API calls.

Install only if you are comfortable running a local Node/TypeScript helper and using a dedicated Base wallet for small Degov API fees. Fund it with only a small USDC amount, keep the wallet and passphrase files private, and choose the web-search-only path if you do not want paid API calls or local wallet custody.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes external tooling and networked API access, and also references local state paths for wallet material, but it declares no permissions. That creates a transparency and policy-enforcement gap: a host may load the skill assuming it is informational only while it actually performs filesystem, environment, and network-sensitive operations. In this context, the hidden capability is more dangerous because the skill can steer the agent into wallet initialization and payment-related actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The published description frames the skill as a DAO-governance information assistant, but the documented behavior includes creating and managing a local crypto wallet, handling passphrase-backed storage, checking balances, giving funding instructions, and making paid onchain-backed API calls. This mismatch undermines informed consent and can cause users or orchestrators to authorize a much riskier skill than advertised. The DAO context does not reduce the risk because the extra behavior directly touches funds, secrets, and external payment flows.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The package exposes wallet initialization, address retrieval, and balance-check commands even though the declared skill purpose is DAO governance information retrieval. In a Web3 context, introducing wallet capabilities expands the trust boundary and creates a pathway for handling sensitive blockchain identities or future transaction-related features that are unnecessary for the stated use case.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Wallet-management capability is not justified by a governance research skill and represents unnecessary capability creep. Even if these scripts only initialize or inspect a wallet today, they normalize handling of blockchain credentials and can enable misuse, accidental exposure, or later extension into higher-risk actions.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
This file implements wallet lifecycle operations such as account loading, wallet initialization, migration, encryption, and on-chain balance queries, which materially expand the skill from DAO governance information retrieval into credential and asset custody. In the context of a research-oriented DAO governance skill, that scope expansion is dangerous because it introduces sensitive secret handling and transaction-adjacent capabilities users would not reasonably expect, increasing the risk of wallet compromise or misuse.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code stores and retrieves wallet passphrases and encrypted private keys from local files and environment variables, creating a full local secret-custody mechanism unrelated to the stated governance-research purpose. Even though encryption and file permissions are attempted, this still centralizes highly sensitive material in the skill runtime and local filesystem, where compromise, accidental exposure, or operational misuse could lead to wallet takeover.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The migration flow deletes the source wallet file immediately after writing the target file, without an explicit user-facing confirmation or a safer backup/rollback strategy at the deletion point. Because the file contains critical wallet material, unexpected deletion can cause loss of access, user confusion, or destructive behavior if migration assumptions are wrong or paths are misconfigured.

VirusTotal

58/58 vendors flagged this skill as clean.