ClawHub

Halving

Security checks across malware telemetry and agentic risk

Overview

This is a local Bitcoin halving reference tool with some stale duplicate files and investment-style language, but no evidence of hidden access, persistence, exfiltration, or account-changing behavior.

Before installing, note that this skill runs local Bash/Python commands and includes historical Bitcoin market-cycle commentary that may be stale or speculative. Do not treat its strategy or price-impact sections as personal financial advice, and be aware the package includes an older generic duplicate under skills/halving that should ideally be removed or aligned.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The skill content materially mismatches the stated metadata and intended purpose: it presents a generic 'halving' reference tool rather than a Bitcoin-specific halving countdown and market-impact analyzer. This can cause the agent to invoke the skill in the wrong contexts, return irrelevant or misleading finance/blockchain guidance, and undermine trust in routing and tool behavior.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The implementation does not perform any Bitcoin halving countdown, historical analysis, mining economics, or BTC cycle analysis as promised by the skill metadata; it is a generic static reference text generator. This mismatch is dangerous because users and downstream agents may rely on the skill for financial or operational decisions under false assumptions about its capabilities, leading to incorrect outputs, silent task failure, or decision-support integrity issues.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The header comments and help text explicitly describe the tool as a generic 'Halving Reference Tool' for blockchain contexts, which contradicts the manifest's Bitcoin-halving analyzer purpose. This inconsistency increases the risk of user deception and agent misuse because the interface reinforces incorrect expectations about what the skill does and may cause systems to invoke it in inappropriate contexts.

Natural-Language Policy Violations

Medium
Confidence
98% confidence
Finding
The script includes direct investment-style strategy advice such as 'DCA aggressively,' 'Continue accumulating,' and 'Take profits gradually' as prescriptive guidance rather than clearly framed educational commentary. In a finance-related skill, this can mislead users into acting on speculative recommendations without suitability checks, risk disclosures, or user opt-in, creating consumer-harm and compliance risk even though it does not execute harmful code.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation guidance is overly broad and generic ('working with halving', 'best practices', 'troubleshooting'), which increases the chance the agent will select this skill for unrelated blockchain or finance requests. In an agent setting, vague triggers can become a routing vulnerability that surfaces incorrect domain content or crowds out more appropriate skills.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal