Nano (XNO)

Security checks across malware telemetry and agentic risk

Overview

This Nano wallet skill is mostly coherent, but it gives an agent real cryptocurrency authority and instructs automatic on-chain receiving without explicit user confirmation.

Review before installing if you do not want an agent to perform Nano wallet actions. In particular, require explicit approval before any receive, send, refund, representative change, spending-limit change, or RPC configuration change, and avoid using this skill for generic wallet or balance requests unless they are clearly about Nano/XNO.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 96%
Finding
The trigger list includes very broad terms such as "wallet", "wallets", "balance", "pending", "qr code", and "refund", which are not unique to Nano and can cause the skill to activate in unrelated contexts. In this skill, unintended activation is more dangerous because the instructions include state-changing wallet actions like receiving funds and sending refunds, so accidental routing into this skill could lead to incorrect financial operations or unsafe guidance.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The skill mandates automatic execution of `wallet_receive` whenever pending funds are detected, without requiring explicit user confirmation even though receiving funds is a state-changing blockchain action. In a financial context, automatic chain writes can have compliance, accounting, privacy, and operational consequences, and an unintended skill activation or wrong-wallet selection could cause irreversible changes.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The documentation exposes a direct fund-transfer command without any warning that Nano transfers are generally irreversible and may result in permanent loss if the destination address or amount is wrong. In a wallet-operation skill, omission of this safety guidance increases the chance of user error and unsafe agent behavior around real financial transactions.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The documentation explicitly instructs users to provide a private key on the command line (`--key <hex>`) without any warning about the sensitivity of that material. Command-line secrets are commonly exposed through shell history, process listings, logs, and terminal recordings, so normalizing this usage can lead to credential compromise and theft of wallet funds. In a cryptocurrency wallet skill, this context makes the issue more dangerous because a leaked private key directly enables unauthorized transfers.

VirusTotal

63/63 vendors flagged this skill as clean.