ClawdVine

Security checks across malware telemetry and agentic risk

Overview

The skill's documented behaviour is coherent for crypto-paid AI video generation, but it can sign with wallet keys and can queue credit-funded generations before the user gives final confirmation.

Install only if you intend to let an agent interact with ClawdVine's crypto payment and identity system. Use a dedicated low-balance wallet, avoid main wallet private keys, require approval before any generation request including credit-funded ones, and review any join, token-launch, profile, systemPrompt, marginFee, or MCP tool action before it is sent.
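The guidance above amounts to a policy gate in front of the agent's tool dispatcher: refuse anything that touches a wallet other than the dedicated one or carries key material, cap exposure, and hold identity, financial, prompt, MCP and generation actions until an operator approves them. The following is an added example of such a gate, not ClawdVine's or SkillSpector's code; the action names, the parameter-key patterns, the placeholder wallet address and the 25 USDC cap are assumptions chosen to illustrate the page's guidance and must be mapped to the skill's real tool names when used.

```python
"""Approval gate for an agent driving a crypto-paid media skill.

Added example, not ClawdVine's or SkillSpector's code. The action names,
the parameter-key patterns, the placeholder wallet address and the
exposure cap are assumptions chosen to illustrate the guidance above.
"""
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Dict, List, Optional

# Actions the guidance says a human must review before they are sent.
# Names are assumed; map them to the skill's real tool names when integrating.
ALWAYS_REVIEW = {"join", "token_launch", "profile_update", "system_prompt",
                 "margin_fee", "mcp_tool"}
# Any generation request, credit-funded or not, also waits for approval.
GENERATION_ACTIONS = {"generate_video", "queue_generation"}
# Parameter keys that must never appear in an outbound tool call (assumed names).
KEY_MATERIAL = {"private_key", "privatekey", "mnemonic", "seed_phrase"}


@dataclass
class WalletPolicy:
    dedicated_wallet: str       # the only address the agent may sign with
    max_exposure_usdc: Decimal  # ceiling on funds a single call may commit


@dataclass
class ToolCall:
    action: str
    wallet: Optional[str] = None
    amount_usdc: Decimal = Decimal("0")
    params: Dict[str, str] = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    needs_approval: bool
    reason: str


def evaluate(call: ToolCall, policy: WalletPolicy, approved: bool = False) -> Decision:
    """Decide whether a tool call may be sent; fail closed on anything unexpected."""
    # Reject any wallet other than the dedicated low-balance one: a main-wallet
    # address reaching this point means the agent picked up the wrong key.
    if call.wallet is not None and call.wallet.lower() != policy.dedicated_wallet.lower():
        return Decision(False, False, "wallet is not the dedicated low-balance wallet")
    # Key material must never be a tool parameter; refuse rather than redact.
    leaked = sorted(k for k in call.params if k.lower() in KEY_MATERIAL)
    if leaked:
        return Decision(False, False, f"key material in parameters: {', '.join(leaked)}")
    # Cap how much a single call can commit, independent of approval.
    if call.amount_usdc > policy.max_exposure_usdc:
        return Decision(False, False, "amount exceeds the exposure cap")
    # Identity, financial, prompt and MCP actions, plus every generation,
    # hold until the operator has approved this specific call.
    if call.action in ALWAYS_REVIEW or call.action in GENERATION_ACTIONS:
        if not approved:
            return Decision(False, True, f"{call.action} requires operator approval")
        return Decision(True, False, f"{call.action} approved by operator")
    # Anything else (status lookups, listing results) may proceed unattended.
    return Decision(True, False, "low-risk action")


def triage(calls: List[ToolCall], policy: WalletPolicy) -> Dict[str, List[str]]:
    """Split a queued batch into what can run, what waits, and what is refused."""
    buckets: Dict[str, List[str]] = {"run": [], "review": [], "refused": []}
    for call in calls:
        d = evaluate(call, policy)
        bucket = "run" if d.allowed else ("review" if d.needs_approval else "refused")
        buckets[bucket].append(f"{call.action}: {d.reason}")
    return buckets


# Constructed policy and batch for demonstration; the addresses are placeholders.
EXAMPLE_POLICY = WalletPolicy("0x" + "11" * 20, Decimal("25"))
EXAMPLE_BATCH = [
    ToolCall("get_status"),
    ToolCall("queue_generation", wallet=EXAMPLE_POLICY.dedicated_wallet, amount_usdc=Decimal("2")),
    ToolCall("token_launch", wallet=EXAMPLE_POLICY.dedicated_wallet),
    ToolCall("generate_video", wallet="0x" + "aa" * 20, amount_usdc=Decimal("2")),
    ToolCall("profile_update", params={"private_key": "<redacted>"}),
]

if __name__ == "__main__":
    for bucket, items in triage(EXAMPLE_BATCH, EXAMPLE_POLICY).items():
        print(bucket, items)
```

The gate is deliberately fail-closed: an unknown wallet or a key-bearing parameter is refused outright rather than queued for review, because a human reviewer should never be asked to approve a request that is already leaking a key. Approval is per call (`approved=True` on the specific `evaluate` invocation), not a session-wide flag, so a single confirmation cannot be reused to release a later token launch.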

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The manifest presents the skill as simple short-form video generation, but the document also exposes identity registration, profile management, wallet signing, token launch, and monetization flows. This scope mismatch can mislead an agent or operator into granting broader privileges and handling sensitive wallet or identity actions they did not expect from the advertised capability.

Context-Inappropriate Capability

High
Confidence: 96%
Finding
Token launch and creator monetization are materially higher-risk than video generation because they can trigger financial transactions, create irreversible onchain assets, and expose users to fraud or unwanted asset issuance. Bundling these capabilities into a media skill increases the chance an agent invokes them under overly broad trust assumptions.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The Moltbook verification and network enrollment flow is not required for basic video generation, yet it instructs the agent to perform identity-linking actions and manage verification artifacts. This unnecessarily broadens data handling and external account interaction, increasing privacy and account-linkage risk.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill manifest describes short-form video generation, but the documentation expands into identity registration, profile management, ERC8004 minting, and token-launch flows. This scope mismatch can cause an agent or user to authorize wallet-linked actions and profile mutations they did not expect from a simple media-generation skill, increasing the chance of unsafe consent and oversharing.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The documentation introduces token launch and monetization features unrelated to the stated purpose of generating short-form videos. That broadens the trust boundary from content generation into financial and onchain asset creation, which can lead agents to facilitate economically significant actions under misleadingly narrow packaging.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The script documentation and user-facing behavior claim to validate a $CLAWDVINE token balance, but the implementation queries a hard-coded token address stored as IMAGINE_TOKEN. This mismatch can cause users or downstream agents to make access-control, eligibility, or payment decisions based on the wrong asset, creating a trust and authorization failure. In the context of a skill that gates functionality or payments around token ownership, that confusion is more dangerous because it can incorrectly grant or deny eligibility.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README markets paid video generation and onchain identity minting while omitting any warning that use may trigger real financial transactions, blockchain fees, irreversible token transfers, or wallet interactions. In an agent-skill context, this is especially risky because an automated agent may follow installation or usage instructions without surfacing consent checks, causing unintended spending or onchain actions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README promotes actions with real financial and blockchain consequences—paying in USDC and minting an onchain identity—without any explicit warning, consent language, cost disclosure, network/chain confirmation, or discussion of irreversible effects. In the context of an agent skill, this is especially risky because an automated system or inattentive user could follow the linked instructions and trigger payments or wallet interactions without understanding that funds may be spent and assets may be minted permanently on-chain.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly instructs agents to persist `agentId`, creator identity, MCP endpoint, and related operational identifiers to memory or environment variables without discussing retention limits, privacy, or multi-tenant leakage risks. In shared agent runtimes, this can expose wallet-linked identities and service endpoints across sessions or users, enabling correlation, impersonation attempts, or unintended reuse.

Ssd 3

Medium
Confidence: 97%
Finding
The skill explicitly instructs permanent storage of returned verification identifiers and a secret from the Moltbook join flow. Persisting verification secrets beyond their immediate use increases the blast radius of prompt leakage, memory compromise, or cross-session misuse.

Ssd 3

Medium
Confidence: 90%
Finding
The skill instructs permanent storage of agent identity values in memory, config, or environment. While an agentId is less sensitive than a private key, encouraging broad persistence in environment/config can still leak account linkage and increase unintended reuse across users or sessions.
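The three storage findings above share one remedy: bind identifiers such as `agentId` and the MCP endpoint to a single tenant and session with an expiry, keep the join-flow secret in memory only and for minutes, and refuse any write of a secret to process-wide locations like environment or config. The following is an added example of such a scoped store, not ClawdVine's or SkillSpector's code; the key names other than `agentId`, the lifetimes, the `target` vocabulary and the placeholder values are assumptions chosen to illustrate the findings.

```python
"""Session-scoped store for identifiers returned by a skill's join or
registration flow.

Added example, not ClawdVine's or SkillSpector's code. The key names,
lifetimes and the 'target' vocabulary are assumptions chosen to show
how to avoid the persistence pattern the findings above describe.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Secrets: memory only, minutes of lifetime, never exported (assumed names).
SECRET_KEYS = {"verification_secret", "join_secret"}
# Identifiers: scoped to one tenant and session, with a TTL.
IDENTIFIER_KEYS = {"agentId", "creator_id", "mcp_endpoint"}
# Targets that are process-wide and outlive the session; secrets are refused there.
PROCESS_WIDE_TARGETS = {"env", "config"}

SECRET_TTL = 300.0       # seconds a secret may live after it is received
IDENTIFIER_TTL = 3600.0  # seconds an identifier stays bound to a session


class PersistenceRefused(ValueError):
    """Raised when a write would outlive the scope the value is safe in."""


@dataclass
class ScopedStore:
    # (tenant, session, key) -> (value, expiry timestamp)
    _items: Dict[Tuple[str, str, str], Tuple[str, float]] = field(default_factory=dict)

    def put(self, tenant: str, session: str, key: str, value: str,
            target: str, now: float) -> None:
        if key in SECRET_KEYS:
            if target in PROCESS_WIDE_TARGETS:
                raise PersistenceRefused(f"{key} may not be written to {target}")
            ttl = SECRET_TTL
        elif key in IDENTIFIER_KEYS:
            ttl = IDENTIFIER_TTL
        else:
            raise PersistenceRefused(f"unknown key {key}; refusing to persist")
        self._items[(tenant, session, key)] = (value, now + ttl)

    def get(self, tenant: str, session: str, key: str, now: float) -> Optional[str]:
        """Return the value only for the same tenant and session, and only before expiry."""
        entry = self._items.get((tenant, session, key))
        if entry is None:
            return None
        value, expires = entry
        if now >= expires:
            del self._items[(tenant, session, key)]  # expire on read
            return None
        return value

    def purge_expired(self, now: float) -> int:
        """Drop every expired entry; returns how many were removed."""
        stale = [k for k, (_, exp) in self._items.items() if now >= exp]
        for k in stale:
            del self._items[k]
        return len(stale)

    def export(self) -> Dict[str, str]:
        """Snapshot safe to log or hand to another component: secrets never leave."""
        return {f"{t}/{s}/{k}": v for (t, s, k), (v, _) in self._items.items()
                if k not in SECRET_KEYS}


def demo() -> Dict[str, Optional[str]]:
    """Constructed walk-through; values are placeholders, not real identifiers."""
    store = ScopedStore()
    t0 = 1_700_000_000.0
    store.put("tenantA", "sess1", "agentId", "agent-placeholder", "memory", t0)
    store.put("tenantA", "sess1", "verification_secret", "secret-placeholder", "memory", t0)
    try:
        store.put("tenantA", "sess1", "verification_secret", "secret-placeholder", "env", t0)
        refused = None
    except PersistenceRefused as e:
        refused = str(e)
    return {
        "same_session_agentId": store.get("tenantA", "sess1", "agentId", t0 + 10),
        "other_tenant_agentId": store.get("tenantB", "sess1", "agentId", t0 + 10),
        "secret_after_ttl": store.get("tenantA", "sess1", "verification_secret", t0 + SECRET_TTL),
        "env_write_refused": refused,
        "exported_keys": ",".join(sorted(store.export())),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

Lookups are keyed by tenant and session, so a second tenant in the same runtime gets `None` rather than another user's `agentId`, and the export path filters secrets by key name so a debugging dump or a hand-off to another component cannot carry the verification secret along.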

VirusTotal

0 of 66 VirusTotal vendors flagged this skill; all 66 reported it clean.