Vrf

Security checks across malware telemetry and agentic risk

Overview

The skill is advertised as VRF/blockchain analysis but actually behaves like a local entry manager that stores, deletes, exports, and configures local data.

Install only if you want a small local entry tracker, not a VRF or blockchain security-analysis tool. Do not store secrets or wallet/protocol-sensitive notes in it, and review remove/export/config commands before allowing an agent to run them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Intent-Code Divergence

High
Confidence: 98%
Finding
The command list describes status/add/list/search/remove/export/stats/config operations typical of a local datastore, not VRF analysis. In an agent setting, this deceptive documentation can cause incorrect tool selection and lead to unintended persistence, data deletion, or exfiltration through export functions under the guise of harmless analytical use.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest markets the skill as VRF/on-chain analysis, while the documented commands imply persistent local storage and configuration management. This inconsistency undermines trust boundaries for autonomous agents, which may grant the skill access or invoke it based on the declared analytical purpose even though it can modify local state.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
Add, remove, export, and config operations are not justified by the stated purpose of VRF analysis and create unnecessary state-changing and data-handling capability. Even if not overtly malicious, these commands expand the attack surface by enabling deletion, persistence, and file output in contexts where users expect read-only analysis.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill is presented as a VRF analysis tool, but its actual behavior is a generic local data manager with add/list/search/remove/export/config capabilities. This mismatch is dangerous because it can mislead users and orchestrators into granting or invoking broader persistence and data-handling behavior than the declared purpose justifies, enabling covert data collection or misuse under a false security context.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The script creates a persistent data directory and writes arbitrary user-supplied content to disk despite being described as a VRF analysis tool. In this context, unjustified persistence increases risk of silent data retention, accidental storage of sensitive inputs, and capability creep beyond the stated operational need.

Intent-Code Divergence

High
Confidence: 97%
Finding
The inline description claims the script analyzes VRF operations, but the implemented commands are unrelated generic entry-management operations. Security reviewers and users rely on metadata and help text for trust decisions, so deceptive labeling materially increases the risk of inappropriate execution and over-trust of hidden capabilities.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation guidance is broad enough that an agent may select this skill for general blockchain or protocol-security questions. Because the skill's documented behavior does not match that scope, overbroad routing can trigger an inappropriate tool with local write/delete/export capabilities in contexts that should be purely analytical.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation presents destructive and data-writing commands such as remove, export, and config changes without warnings, safeguards, or confirmation requirements. In agentic workflows, missing warnings materially increase the chance of accidental data loss, unintended file creation, or configuration drift.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script persistently records user-provided entries and configuration values to local files without informing the user about storage location, retention, or sensitivity implications. In an agent-skill setting, this is risky because users may provide operational, wallet, or protocol-related data assuming transient analysis, leading to unanticipated local persistence and exposure.

VirusTotal

66/66 vendors flagged this skill as clean.
