ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NeoGriffin Security

v2.2.1

Multi-chain security API designed exclusively for autonomous AI agents. Prompt injection detection (66 patterns, 95% accuracy), token scam scanning, tx simul...

0· 196·0 current·0 all-time
byDago@cazaboock9
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (multi-chain security for autonomous agents) aligns with the endpoints and features listed (injection scanning, token audits, tx simulation, watcher, etc.). However there are small inconsistencies: package.json reports version 2.1.0 while registry metadata shows 2.2.1, and the skill declares NEOGRIFFIN_PAYMENT_WALLET as a required/primary environment variable despite embedding a payment wallet address in the SKILL.md — it's unclear why the user must supply this env var if the receiver address is fixed.
!
Instruction Scope
SKILL.md instructs agents to POST arbitrary inputs (memos, messages, token metadata, and even "skill" content) to an external API. That means any runtime-sensitive text that the agent holds (potentially prompts, transaction data, or parts of skill code) can be transmitted off-host. The doc claims hashing and non-storage of originals, and that full transaction signatures are not stored, but those are operator-side assurances that cannot be verified by the agent. The explicit /api/scan/skill hint ("scans content in memory only — skill code is NOT persisted or shared") is a potentially risky instruction: sending skill contents or other in-memory data to an external service can leak secrets or private data if misused.
Install Mechanism
Instruction-only skill with no install spec or executable payload; no archives or third-party binaries are pulled. This minimizes direct filesystem/code-execution risk.
!
Credentials
Only one required env var (NEOGRIFFIN_PAYMENT_WALLET) is declared, but it's marked as the primary credential. The SKILL.md itself lists a concrete payment wallet address. Requiring the user to set a 'payment wallet' env var is unusual for a consumer security scanner (the API could accept payment signatures without the agent storing a provider wallet). It's unclear whether this env var is read by the agent to direct payments, used as an identifier, or (worse) used to hold credentials. The env var name and 'primaryEnv' label give the impression of a credential even though the value is likely a public address; this mismatch is disproportionate and should be clarified.
Persistence & Privilege
Skill does not request 'always: true' and does not include install hooks. Autonomous invocation is allowed (platform default). There is no evidence the skill requests system-wide config changes or persistent privileges on the agent.
What to consider before installing
This skill implements a plausible security API for autonomous agents, but proceed cautiously. Before installing or enabling it: - Ask the maintainer why NEOGRIFFIN_PAYMENT_WALLET is required as an environment variable and what the agent is expected to store in that env var (public address vs. any secret). Do not set any env var containing private keys or seed phrases. - Never send private keys, seed phrases, or signed private material to the API. Paid endpoints require a tx signature in X-Surge-TX — confirm the provider's claim about not storing full signatures and consider using ephemeral/test signatures first. - Test free endpoints with non-sensitive sample inputs to verify behavior and logs. Confirm that the payment wallet in SKILL.md matches the provider's published receiver address. - Be cautious about the instruction to POST "skill" or in-memory content — that can leak prompts, internal state, or other sensitive material; only send minimized, non-secret data. - Verify operator identity and reputation for api.neogriffin.dev (who runs it, privacy policy, SLA). If you plan to allow autonomous agent invocation that will call this service automatically, limit scope until you trust the provider. If the provider can explain the env-var usage and privacy guarantees in detail (and you audit a small trial), the skill could be usable. If those questions are unanswered, avoid granting it agent automation or sending any sensitive runtime data.

Like a lobster shell, security has layers — review code before you run it.

latestvk977xfyec8pbf5mtc3zfwwhkxh83hq8c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis
EnvNEOGRIFFIN_PAYMENT_WALLET
Primary envNEOGRIFFIN_PAYMENT_WALLET

Comments