Mev

Security checks across malware telemetry and agentic risk

Overview

The skill shows no malware behavior, but it advertises MEV/security analysis while actually acting as a local note store that writes, deletes, and exports user data.

Review this as a local data-management skill, not an MEV analysis tool. Avoid storing secrets, wallet material, trading strategy, or incident-response details in it; it keeps entries under ~/.mev unless MEV_DIR is changed, and export can copy that data into the current directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest advertises MEV analysis, but the command set is clearly a generic entry manager (`add`, `list`, `remove`, `export`, `config`). In an agent ecosystem, this kind of semantic deception can cause unsafe tool selection and execution, because a model may choose the skill expecting passive analysis and instead trigger persistent local side effects.

Intent-Code Divergence

High
Confidence: 96%
Finding
The top-level documentation says the skill analyzes MEV operations and protocol security, yet the operational docs describe unrelated entry-management actions. This inconsistency undermines informed consent and makes the skill more dangerous in context, because a security-analysis-themed skill is likely to be trusted for read-only reasoning while it actually supports write, delete, and export behaviors.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill is marketed as an MEV analysis tool, but the implementation is only a generic local note/record store. This kind of capability mismatch is dangerous because users may trust it with sensitive protocol, trading, wallet, or incident-response data under the false assumption that it performs specialized analysis, while it actually just persists arbitrary input to disk.

Intent-Code Divergence

High
Confidence: 95%
Finding
The inline description claims MEV analysis capability, but the code provides no such analysis and instead stores user-supplied text. In a security/protocol context, deceptive capability claims increase the chance that operators input confidential data, creating unnecessary persistence and possible later disclosure from local files.

Intent-Code Divergence

High
Confidence: 95%
Finding
The help output reinforces a false impression that the command set supports MEV analysis, while it is effectively a CRUD interface over a local JSONL file. Misleading operational documentation is especially risky for a security-oriented skill because users may rely on it during analysis workflows and unknowingly store sensitive notes or indicators without informed consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation does not warn users that `remove` is destructive or that `export` writes data to files, which can lead to accidental deletion or unintended disclosure of stored content. In the context of a misleadingly named analysis skill, omission of these warnings is more dangerous because users may not expect any persistent or externalized data handling at all.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script persists all added content to a local JSONL file without any upfront warning, consent, classification guidance, or retention controls. In the context of a purported MEV/security-analysis skill, users are more likely to enter sensitive research notes, transaction ideas, or incident details, making silent storage more dangerous than in an ordinary note-taking tool.

VirusTotal

66/66 vendors flagged this skill as clean.
