Staking

Security checks across malware telemetry and agentic risk

Overview

This skill claims to analyze staking and protocol security, but its code is actually a local plaintext entry tracker with delete and export commands.

Install only if you want a simple local note tracker, not a staking or protocol-security analysis tool. Do not store private keys, seed phrases, wallet credentials, or sensitive operational data in it, and review ~/.staking plus any staking-export files if you try it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill advertises staking and protocol-security analysis, but the documented commands implement a generic local CRUD/export tool. This mismatch can cause an orchestrating agent or user to invoke the skill under false assumptions, leading to unintended local file operations, data deletion, or export in contexts where only read-only blockchain analysis was expected.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest makes strong claims about blockchain staking analysis, but the body describes unrelated entry-management behavior. In an agent ecosystem, deceptive or inaccurate capability declarations are dangerous because they can bypass user expectations, safety policy routing, or tool selection logic and result in unauthorized local state changes.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The user-facing documentation continues the staking-analysis framing while enumerating commands such as add, remove, export, and config that are unrelated to on-chain analysis and imply local state mutation. This increases the risk that an agent or user will trust the skill in a sensitive blockchain-analysis workflow and inadvertently permit destructive or privacy-impacting file operations.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The advertised purpose is staking analysis, but the implementation is a generic local datastore and note manager. This mismatch is dangerous because users or higher-level agents may grant trust and permissions based on the declared skill purpose while the code performs unrelated persistent file operations, creating deceptive capability expansion and increasing the chance of unauthorized local data handling.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script provides delete, export, and configuration modification capabilities that are not necessary for a staking-analysis tool. In an agent environment, unnecessary local file-manipulation features expand the attack surface and can be abused to alter user state, exfiltrate accumulated data to export files, or persist arbitrary settings under the guise of a harmless analytical skill.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The inline description explicitly claims staking analysis, but the code only stores and retrieves arbitrary user-provided text. This is dangerous because deceptive metadata can cause users, orchestrators, or marketplaces to misclassify the skill as domain-specific and low-risk when it actually performs unrelated persistence and local state management.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation exposes export and removal functionality without any warning about deletion, overwrite, data leakage, or confirmation requirements. In an agent setting, omission of these warnings can lead to silent destructive actions or unintended exfiltration of locally stored information through exported files.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
User-provided content is written persistently to a hidden directory under the home folder without any privacy notice, retention policy, or consent prompt. In the context of an analysis skill, users may input sensitive protocol notes, wallet-related observations, or operational data expecting transient processing, so silent retention increases privacy and data exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.
