ClawHub

Agent Gary AI Powered Memecoin trader.

Security checks across malware telemetry and agentic risk

Overview

This skill is an openly described auto-trading setup, but it combines wallet access, autonomous financial trades, API keys, and unpinned remote code execution.

Review carefully before installing. Use only a fresh burner wallet with a very small balance, never reuse a main wallet secret, avoid curl-pipe execution, prefer a pinned and verified release of fdv.lol, restrict file permissions on the profile, and assume autonomous trading can lose the funded balance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill instructs the agent to generate and store a new Solana wallet secret locally, but it does not provide concrete safeguards for key generation quality, secure storage, backup, encryption, or the irreversible consequences of losing or exposing the key. In a live trading skill, this omission can lead to permanent asset loss or theft if the secret is mishandled by the agent runtime or user environment.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill recommends piping a remotely fetched script directly into Node.js, which executes unreviewed code from a network source at runtime. Because this skill also handles wallet secrets and API keys for automated trading, compromise of the remote endpoint, DNS, CDN, or upstream repository could immediately lead to secret exfiltration or unauthorized trades.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal