ClawHub

Skyinsights

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward CertiK SkyInsights API wrapper that sends user-provided wallet or transaction identifiers to SkyInsights for risk checks.

Install this only if you intend to use CertiK SkyInsights and are comfortable sending queried wallet addresses, transaction hashes, chain identifiers, and related request metadata to CertiK. Store the API key and secret in protected environment configuration or a secret manager, avoid committing them to source control, and be aware that automatic AML screening may use additional API quota.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README encourages users to submit wallet addresses and transaction hashes to CertiK SkyInsights but does not clearly disclose that these identifiers are sent to a third-party service. In an AML/risk-intelligence context, those submissions may be sensitive, linkable to investigations, or operationally confidential, so lack of notice can cause unintended data exposure and compliance/privacy issues.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README tells users to set API credentials but provides no guidance on secure secret handling. In practice, users may place secrets in shell history, commit them to repositories, paste them into chats, or expose them in logs and shared environments, leading to unauthorized API use and possible access to sensitive screening activity.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal