ClawHub

Ethereum Read Only

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Ethereum command guide with some normal but privacy-relevant RPC/API exposure and a riskier-than-ideal install/example pattern, but no evidence of hidden, destructive, or wallet-signing behavior.

Install only if you are comfortable running Foundry's installer from its official source and using external RPC/API providers. Use a dedicated low-privilege RPC key, avoid entering private keys or seed phrases, and use a trusted or self-hosted node for sensitive wallet or ENS investigations. Treat the separate wallet/transaction guide as outside this read-only skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill is presented as read-only Ethereum access, but it ends by directing users to obtain a separate guide for wallet management and transaction sending. That scope expansion can mislead users about the safety boundary of the skill and creates a pathway from passive inspection to active fund-moving operations without corresponding safety controls.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The ABI decoding example makes outbound HTTP requests to 4byte.directory, which is outside the stated cast-based read-only blockchain querying purpose. This leaks transaction selectors and event signatures to a third party and expands the trust boundary beyond the configured RPC provider.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
From the start, the skill instructs users to query public or hosted RPC endpoints and later third-party services, but it does not warn that addresses, ENS names, contract interests, and query timing are disclosed to those providers. This omission can cause unintended privacy exposure, especially when users investigate sensitive wallets or strategies.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The ENS section performs name, reverse, and text-record lookups through external RPC infrastructure without warning that these queries reveal the exact ENS names, addresses, and profile attributes being investigated. Because ENS lookups can expose personal, organizational, or investigative interests, the missing disclosure is materially relevant.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal