Sdk

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paid sports simulation SDK, but it can automatically spend USDC from a configured Solana wallet when a simulation is invoked.

Install only if you are comfortable giving this skill access to a dedicated, low-balance Solana wallet. Do not use a main wallet private key, require explicit approval before every simulation charge, keep debug logging off for paid runs, and treat every simulation call as capable of spending $0.50 USDC plus Solana fees.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (22)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly relies on network access to external APIs and payment infrastructure, yet no permissions are explicitly declared. This weakens reviewability and user/admin awareness because a skill that can contact remote services and initiate paid workflows should declare that capability up front.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented as sports simulation/analysis, but the documented behavior also includes wallet balance checks, on-chain USDC payments, signing with a Solana private key, and paid content retrieval. This mismatch can mislead users and reviewers about the financial and key-handling risk, increasing the chance of unintended fund use or overly broad trust.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The SDK for a sports-betting simulation tool also accepts a Solana wallet or raw signing-capable wallet adapter, which expands it from analytics into financial transaction execution. In this context, that coupling is security-relevant because users may provide signing authority to a package whose primary advertised function is simulation, increasing the blast radius if the package or backend is compromised.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The simulate workflow explicitly includes sending USDC to a treasury before starting analysis, so the client is not just fetching data but initiating value transfer. That means any misuse, backend manipulation, or unclear UX could directly lead to unintended payments from a connected wallet.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Exposing a helper that creates the client directly from a secret key encourages callers to load highly sensitive wallet material into application memory for a betting SDK. If that secret key is mishandled, logged, leaked, or used in untrusted environments, the attacker can fully drain the wallet, making this substantially more dangerous than ordinary API credentials.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The published skill metadata says this is for sports betting simulations, but the code also exposes betting-pick and track-record features that materially expand its behavioral scope. That mismatch is dangerous because users or orchestrators may grant or invoke the skill under a narrower trust model than the code actually implements, increasing the chance of unintended betting-oriented actions or deceptive deployment.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The code performs real Solana wallet balance checks and executes USDC transfers, yet the skill description only mentions Monte Carlo sports simulations. This is especially risky because a caller may supply wallet credentials expecting read-only analytics, while the skill can spend funds on-chain and transmit payment proofs to an external API.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The `sendPayment` logic directly initiates an on-chain USDC transfer to a hard-coded treasury wallet, which is a materially broader and more sensitive capability than a simulation-only skill suggests. In this context, the mismatch makes the issue more dangerous because users may authorize the skill without understanding it can spend cryptocurrency, creating real financial loss risk.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill performs real on-chain USDC transfers as part of `simulate()`/`startSimulation()`, which is materially more sensitive than a normal analytics skill. In the context of an agent skill, this means invoking a simulation can directly spend user funds, and the payment target is hard-coded to a remote treasury wallet controlled by the service.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The package lock shows direct inclusion of @solana/spl-token and @solana/web3.js, which introduce blockchain wallet, RPC, and token-transfer capabilities that do not align with a stated sports betting simulation SDK. This capability mismatch increases the risk that the skill can interact with external blockchain assets or prompt users into financial actions outside its advertised purpose.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Token and web3 libraries are context-inappropriate for a sports betting simulation package because they enable blockchain account access, transaction construction, and token operations. In a skill whose declared role is Monte Carlo betting analysis, this hidden capability expansion makes misuse more dangerous and undermines trust in the package's stated function.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This file implements real Solana USDC payment functionality, including balance checks, token account lookup, transaction signing, and transfer to a treasury wallet, while the skill is described only as sports betting simulations with Monte Carlo analysis. That mismatch is dangerous because users or integrators may invoke the skill expecting analysis but instead expose wallets to undisclosed fund movement, creating a strong risk of deceptive or unauthorized payment behavior.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill contains wallet and blockchain payment capabilities that are not justified by its stated purpose, increasing the likelihood of hidden or unexpected financial operations. In the context of a sports betting simulation tool, undisclosed payment logic is especially risky because it can normalize wallet connection and transfer flows under the guise of analytics, enabling loss of funds or abuse of user trust.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README demonstrates loading a Solana secret key directly from a local file and constructing a signing keypair from it, but provides no warning about secure key handling, file permissions, or safer alternatives. In an agent-integration context, examples like this can normalize unsafe wallet management and increase the chance that users expose high-value blockchain credentials to logs, repos, or compromised environments.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Trigger phrases like 'What should I bet on today?' and similar generic betting language are broad enough to match ordinary conversation and may cause the skill to activate unexpectedly. In this skill, accidental activation is more serious because some nearby functions are tied to paid simulations and wallet-backed operations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description and user-facing flow do not prominently warn that simulations cost USDC and may trigger wallet-backed transactions. Because the skill requires a Solana private key and supports paid simulation calls, insufficient disclosure increases the risk of unexpected charges or unsafe use of sensitive wallet credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation shows loading a Solana secret key from disk and constructing a client without any strong warning about the sensitivity of that credential. This can normalize unsafe operational practices and lead developers to embed or pass raw private keys into environments where they may be exposed through logs, prompts, crash dumps, or source control.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
`sendPayment()` unconditionally constructs and submits a USDC transfer to a fixed treasury wallet once called, with no built-in confirmation, preview, or interactive warning in the execution path. In an agent setting, this creates a high risk of unintended financial loss if the skill is triggered implicitly or by misleading prompts.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The code sends an `X-Payment` header containing a base64-encoded payment proof with the transaction signature and payer public key to the remote API. While the public key and signature are not secret, this links the user's wallet identity and payment activity to a third-party service without an explicit disclosure step in the request path.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The client exposes direct payment-triggering flows through `simulate()` and `startSimulation()` without any built-in confirmation, spending guardrail, or explicit acknowledgment step at the point of invocation. In an agent or automated environment, a caller could trigger on-chain payments unintentionally or repeatedly, causing unauthorized or unexpected fund loss.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The `sendPayment` method performs a USDC transfer once a wallet is configured and funds are sufficient, but this file contains no user-facing warning, confirmation, or proof that the caller obtained informed consent. That is dangerous because any upstream code path that invokes this method can trigger an actual token transfer to the treasury wallet with minimal friction, especially in a skill whose advertised purpose does not prepare users for financial transactions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code logs the payment signature in debug mode immediately after payment confirmation. Payment signatures are sensitive transaction artifacts that can expose financial activity, link user wallets to simulation requests, and leak operational metadata into logs that are often broadly accessible in development, support, or hosted environments. In a sports-betting and payment-enabled skill, this context increases risk because signatures are directly tied to monetized actions and potentially user wallet activity.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
