Clawdvine

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed paid video-generation integration, but it uses raw crypto wallet keys and can automatically authorize paid or identity-changing actions, so users should review it carefully before installing.

Install only if you intend to use a crypto-paid video network. Use a dedicated low-balance wallet, do not expose a main wallet private key to an agent, verify the exact USDC amount, token, receiver, and action before signing, and treat token launch, margin fee, profile, and on-chain metadata changes as explicit separate approvals. Store agentId only if you want future generations tied to the same public identity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (28)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill manifest presents a narrow purpose of short-form video generation, but the documentation exposes a much broader capability set including identity registration, profile management, MCP endpoints, token launch, search, and monetization. This scope expansion increases attack surface and can mislead operators or orchestration systems into granting the skill broader trust and permissions than its declared purpose warrants.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Token launch functionality is unrelated to the stated video-generation purpose and introduces a high-risk financial/onchain action into a media skill. A user or agent invoking the skill for video creation could be steered into creating or promoting tokens, exposing funds, reputation, and compliance posture to unnecessary risk.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Agent profile mutation, creative identity updates, and monetization controls such as margin fees exceed a simple video-generation scope and can change persistent public-facing state or extract additional payments. Embedding these controls in the same skill raises the chance of accidental misuse or over-privileged execution by an agent expected only to generate media.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The manifest frames this as a short-form video generation/payment skill, but the documentation also exposes agent registration, identity minting, and token-launch workflows. That scope expansion matters because an agent or user may grant wallet/signing capabilities expecting only media generation, while the skill can drive materially different blockchain actions.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
Large sections of the skill cover agent profile management, social/leaderboard/search operations, MCP monetization, and creative identity controls that are not reflected in the manifest. This mismatch weakens informed consent and reviewability, making it easier for a seemingly simple media skill to obtain broader operational authority than expected.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Token launch is a high-risk financial/blockchain operation that is not justified by the stated purpose of short-form video generation with USDC payment. Exposing token deployment alongside routine media actions increases the chance of accidental or manipulated asset creation and materially changes the risk profile of the skill.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill goes beyond generating videos and includes monetization controls, system-prompt shaping, agent profile updates, and other identity-management behaviors that are only loosely related to the core stated purpose. This broadens the attack surface and makes prompt- or workflow-confusion more likely when an agent is entrusted with wallet-backed actions.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The script claims to check a $CLAWDVINE token balance, but the hardcoded contract constant is named IMAGINE_TOKEN and is the address actually queried. This mismatch can mislead users and downstream agents into making eligibility or payment decisions based on the wrong asset, creating a trust and authorization failure even though no direct code execution occurs.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script accepts an EVM private key via environment variable and derives the wallet address locally, introducing unnecessary handling of highly sensitive credentials for a task that only needs a public address. Even though the key is not transmitted in this code, normalizing private-key input increases the chance of accidental exposure through logs, shell history, CI environments, or reuse in adjacent tooling.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation tells agents to persist identity data such as agentId and related identifiers to memory/config/environment without discussing retention, access control, or privacy boundaries. Persistent storage of identifiers can enable cross-session tracking, misuse of linked accounts, and unintended disclosure when agent memory is shared or exfiltrated.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill repeatedly normalizes use of EVM private keys in environment variables and scripts without any safety guidance. In agentic or shared runtime environments, environment variables are commonly exposed through logs, subprocesses, crash dumps, or prompt/tool leakage, making this a serious key-compromise risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script directly reads EVM_PRIVATE_KEY, derives a signer, and then uses that signer to automatically authorize x402 payments without an explicit runtime confirmation or strong warning to the user. In a skill context for AI agents, this is dangerous because invoking the script can cause real blockchain spending from a funded wallet, and the user may not understand that a prompt submission triggers payment authorization.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The request sends the user's prompt and optional agentId to a remote API endpoint without any explicit notice that these inputs leave the local environment. Prompts may contain sensitive business data, personal information, or internal instructions, so silent transmission to a third-party service creates a privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Reading a raw private key from an environment variable without prominent warnings or safeguards encourages insecure secret-handling practices. In agent or automation contexts, environment variables are commonly inherited, logged, dumped in crash reports, or exposed to other subprocesses, so this pattern materially raises the risk of credential compromise.

External Transmission

Medium
Category
Data Exfiltration
Content
Requires the same auth headers and request body as `/join`.

```bash
curl -X POST https://api.clawdvine.sh/join/preflight \
  -H "Content-Type: application/json" \
  -H "X-EVM-SIGNATURE: 0x..." \
  -H "X-EVM-MESSAGE: <base64-encoded SIWE message>" \
```
Confidence
83% confidence
Finding
curl -X POST https://api.clawdvine.sh/join/preflight \ -H "Content-Type: application/json" \ -H "X-EVM-SIGNATURE: 0x..." \ -H "X-EVM-MESSAGE: <base64-encoded SIWE message>" \ -H "X-EVM-ADDRESS

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Update your agent's creative identity
curl -X PUT https://api.clawdvine.sh/agents/YOUR_AGENT_ID \
  -H "Content-Type: application/json" \
  -H "X-EVM-SIGNATURE: ..." \
  -H "X-EVM-MESSAGE: ..." \
```
Confidence
85% confidence
Finding
curl -X PUT https://api.clawdvine.sh/agents/YOUR_AGENT_ID \ -H "Content-Type: application/json" \ -H "X-EVM-SIGNATURE: ..." \ -H "X-EVM-MESSAGE: ..." \ -H "X-EVM-ADDRESS: ..." \ -d '{ "s

External Transmission

Medium
Category
Data Exfiltration
Content
**Step 3:** Sign the payment with your wallet and retry with `X-PAYMENT` header:
```bash
curl -X POST https://api.clawdvine.sh/generation/create \
  -H "Content-Type: application/json" \
  -H "X-PAYMENT: <signed-payment-envelope>" \
  -d '{"prompt": "A cinematic drone shot of a futuristic cityscape at sunset", "videoModel": "xai-grok-imagine", "duration": 8, "aspectRatio": "9:16"}'
```
Confidence
86% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
// Make request — payment is handled automatically on 402
const response = await fetchWithPayment(
  'https://api.clawdvine.sh/generation/create',
  {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
Confidence
88% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
Requires the same auth headers and request body as `/join`.

```bash
curl -X POST https://api.clawdvine.sh/join/preflight \
  -H "Content-Type: application/json" \
  -H "X-EVM-SIGNATURE: 0x..." \
  -H "X-EVM-MESSAGE: <base64-encoded SIWE message>" \
```
Confidence
83% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
#### Request

```bash
curl -X POST https://api.clawdvine.sh/join \
  -H "Content-Type: application/json" \
  -H "X-EVM-SIGNATURE: 0x..." \
  -H "X-EVM-MESSAGE: <base64-encoded SIWE message>" \
```
Confidence
85% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
**With token launch:**

```bash
curl -X POST https://api.clawdvine.sh/join \
  -H "Content-Type: application/json" \
  -H "X-EVM-SIGNATURE: 0x..." \
  -H "X-EVM-MESSAGE: <base64-encoded SIWE message>" \
```
Confidence
94% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Full join flow example:
HEADERS=$(EVM_PRIVATE_KEY=0x... node scripts/sign-siwe.mjs)
curl -X POST https://api.clawdvine.sh/join \
  -H "Content-Type: application/json" \
  -H "X-EVM-SIGNATURE: $(echo $HEADERS | jq -r '.["X-EVM-SIGNATURE"]')" \
  -H "X-EVM-MESSAGE: $(echo $HEADERS | jq -r '.["X-EVM-MESSAGE"]')" \
```
Confidence
86% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"name":"Nova","description":"Creative video agent","avatar":"https://example.com/avatar.png"}'

# Join with token launch:
curl -X POST https://api.clawdvine.sh/join \
  -H "Content-Type: application/json" \
  -H "X-EVM-SIGNATURE: $(echo $HEADERS | jq -r '.["X-EVM-SIGNATURE"]')" \
  -H "X-EVM-MESSAGE: $(echo $HEADERS | jq -r '.["X-EVM-MESSAGE"]')" \
Confidence
94% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
# Generate auth headers
HEADERS=$(EVM_PRIVATE_KEY=0x... node scripts/sign-siwe.mjs)

curl -X PUT https://api.clawdvine.sh/agents/11155111:606 \
  -H "Content-Type: application/json" \
  -H "X-EVM-SIGNATURE: $(echo $HEADERS | jq -r '.["X-EVM-SIGNATURE"]')" \
  -H "X-EVM-MESSAGE: $(echo $HEADERS | jq -r '.["X-EVM-MESSAGE"]')" \
Confidence
86% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
#### Agent tool invocation

```bash
curl -X POST https://api.clawdvine.sh/mcp/YOUR_AGENT_ID \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
```
Confidence
84% confidence
Finding
https://api.clawdvine.sh/

VirusTotal

66/66 vendors flagged this skill as clean.
