Back to skill

Security audit

Clawdvine

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real video-generation skill, but it also grants wallet-based payment, signing, onchain identity, token launch, and remote MCP capabilities that deserve manual review before use.

Install only if you intend to let this skill interact with a limited-funds EVM wallet for USDC payments and onchain identity actions. Use a dedicated wallet, verify all payment amounts and token-launch details before confirming, avoid storing private keys in shared environments, and treat the remote MCP endpoint as a third-party service that may receive prompts and wallet-linked agent metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (30)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest frames the skill as only short-form video generation, but the body documents materially broader capabilities including agent registration, identity minting, token launch, monetization, and profile management. This scope mismatch can mislead operators and automated policy systems into granting the skill trust or permissions inappropriate for its real behavior.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The skill includes network-join and token-related functionality that is not necessary for basic video generation, expanding the action surface into financial and onchain operations. This increases the chance an agent or user triggers wallet-affecting behavior under the guise of a media tool.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The documented /join flow can atomically launch a token during agent registration, combining identity creation with a financial asset deployment workflow. In the context of a skill marketed for video generation, this is a dangerous hidden capability because it could lead to unauthorized or poorly understood blockchain transactions and reputational or financial harm.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Configurable margin fees introduce a monetization mechanism beyond simple content generation, allowing the skill to influence or profit from paid transactions routed through agent endpoints. This broadens the risk from media generation to payment manipulation and economic abuse, especially if users are not clearly informed.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The script claims to verify $CLAWDVINE holdings, but it actually queries a hard-coded contract stored in IMAGINE_TOKEN. This mismatch can mislead users or downstream automation into making eligibility or payment decisions based on the wrong asset, which is especially risky in a blockchain/payment-related skill where token gating may control access or spending.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README promotes paying with USDC and minting an onchain identity token without providing any warning about irreversible blockchain transactions, wallet risk, gas fees, token approvals, or financial loss. In an agent-skill context, this is more dangerous because automated agents or their operators may treat the README as operational guidance and initiate value-bearing actions with insufficient user awareness or consent safeguards.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill explicitly tells agents to persist `agentId`, credits balance, MCP endpoint, and creator wallet/address to memory, config, or environment variables without any guidance on sensitivity, access controls, or retention. While these are not private keys, they are still identity-linked metadata that can leak wallet associations, usage history, or enable unintended attribution/tracking if stored in shared logs or agent memory.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README encourages use of USDC payments and on-chain identity minting but does not clearly warn users about irreversible blockchain transactions, wallet exposure, fees, jurisdictional/compliance concerns, or privacy implications of tying activity to a persistent on-chain identity. In an agent-skill context, this is risky because operators may follow installation or onboarding steps with real funds and wallets based only on the README’s marketing language.

External Transmission

Medium
Category
Data Exfiltration
Content
# → Returns: post.id

# Step 3: Complete verification + create your agent
curl -X POST https://api.clawdvine.sh/join/moltbook/complete \
  -H "Content-Type: application/json" \
  -d '{
    "publicIdentifier": "<from step 1>",
Confidence
87% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
"token": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
      "amount": "1200000",
      "receiver": "0x7022Ab96507d91De11AE9E64b7183B9fE3B2Bf61",
      "resource": "https://api.clawdvine.sh/generation/create"
    }
  ]
}
Confidence
89% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
// Make request — payment is handled automatically on 402
const response = await fetchWithPayment(
  'https://api.clawdvine.sh/generation/create',
  {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
Confidence
92% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
"moltbookUsername": "YourUsername",
  "network": "imagine-agentic-media-network",
  "mcp": {
    "endpoint": "https://api.clawdvine.sh/mcp/moltbook:YourUsername",
    "toolsUrl": "https://api.clawdvine.sh/mcp/moltbook:YourUsername/tools"
  },
  "tags": ["video-generation"],
Confidence
83% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
"network": "imagine-agentic-media-network",
  "mcp": {
    "endpoint": "https://api.clawdvine.sh/mcp/moltbook:YourUsername",
    "toolsUrl": "https://api.clawdvine.sh/mcp/moltbook:YourUsername/tools"
  },
  "tags": ["video-generation"],
  "hints": {
Confidence
83% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
Description: Creative AI video agent
Avatar:      https://example.com/avatar.png (or base64 → IPFS on submit)
Network:     ethereum (default)
API:         https://api.clawdvine.sh/join
Auth:        SIWE (EVM wallet)

✅ Ready to join. Proceeding...
Confidence
86% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
Paired:    $CLAWDVINE
  Rewards:   70% creator / 30% platform

API:         https://api.clawdvine.sh/join
Auth:        SIWE (EVM wallet)

✅ Ready to join. Shall I proceed?
Confidence
90% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
"creatorType": "evm",
  "network": "clawdvine-agentic-media-network",
  "mcp": {
    "endpoint": "https://api.clawdvine.sh/mcp/1:606",
    "toolsUrl": "https://api.clawdvine.sh/mcp/1:606/tools"
  },
  "onChainIdentity": {
Confidence
82% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
"network": "clawdvine-agentic-media-network",
  "mcp": {
    "endpoint": "https://api.clawdvine.sh/mcp/1:606",
    "toolsUrl": "https://api.clawdvine.sh/mcp/1:606/tools"
  },
  "onChainIdentity": {
    "standard": "ERC8004",
Confidence
82% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
"creatorType": "evm",
  "network": "clawdvine-agentic-media-network",
  "mcp": {
    "endpoint": "https://api.clawdvine.sh/mcp/1:606",
    "toolsUrl": "https://api.clawdvine.sh/mcp/1:606/tools"
  },
  "onChainIdentity": {
Confidence
82% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
"network": "clawdvine-agentic-media-network",
  "mcp": {
    "endpoint": "https://api.clawdvine.sh/mcp/1:606",
    "toolsUrl": "https://api.clawdvine.sh/mcp/1:606/tools"
  },
  "onChainIdentity": {
    "standard": "ERC8004",
Confidence
82% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"name":"Nova","description":"Creative video agent","avatar":"https://example.com/avatar.png"}'

# Join with token launch:
curl -X POST https://api.clawdvine.sh/join \
  -H "Content-Type: application/json" \
  -H "X-EVM-SIGNATURE: $(echo $HEADERS | jq -r '.["X-EVM-SIGNATURE"]')" \
  -H "X-EVM-MESSAGE: $(echo $HEADERS | jq -r '.["X-EVM-MESSAGE"]')" \
Confidence
93% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
# Generate auth headers
HEADERS=$(EVM_PRIVATE_KEY=0x... node scripts/sign-siwe.mjs)

curl -X PUT https://api.clawdvine.sh/agents/11155111:606 \
  -H "Content-Type: application/json" \
  -H "X-EVM-SIGNATURE: $(echo $HEADERS | jq -r '.["X-EVM-SIGNATURE"]')" \
  -H "X-EVM-MESSAGE: $(echo $HEADERS | jq -r '.["X-EVM-MESSAGE"]')" \
Confidence
90% confidence
Finding
https://api.clawdvine.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
curl https://api.clawdvine.sh/mcp/tools

# Tool invocation (must pass agentId manually if needed)
curl -X POST https://api.clawdvine.sh/mcp \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
Confidence
88% confidence
Finding
https://api.clawdvine.sh/

Unpinned Dependencies

Low
Category
Supply Chain
Content
"build:tar": "node scripts/build-tar.mjs"
  },
  "dependencies": {
    "@x402/evm": "^2.2.0",
    "@x402/fetch": "^2.2.0",
    "siwe": "^2.3.2",
    "viem": "^2.45.1"
Confidence
96% confidence
Finding
"@x402/evm": "^2.2.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "dependencies": {
    "@x402/evm": "^2.2.0",
    "@x402/fetch": "^2.2.0",
    "siwe": "^2.3.2",
    "viem": "^2.45.1"
  },
Confidence
96% confidence
Finding
"@x402/fetch": "^2.2.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "@x402/evm": "^2.2.0",
    "@x402/fetch": "^2.2.0",
    "siwe": "^2.3.2",
    "viem": "^2.45.1"
  },
  "repository": {
Confidence
95% confidence
Finding
"siwe": "^2.3.2"

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.prompt_injection_instructions

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
clawdvine-skill-1.1.0/scripts/build-tar.mjs:54

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/build-tar.mjs:54

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
clawdvine-skill-1.1.0/scripts/check-balance.mjs:22

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
clawdvine-skill-1.1.0/scripts/x402-generate.mjs:29

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/check-balance.mjs:22

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/x402-generate.mjs:29

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
clawdvine-skill-1.1.0/SKILL.md:1564

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
SKILL.md:1564