Soma

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent SOMA participation guide, but it asks users to handle wallet keys, cloud secrets, public data uploads, live blockchain actions, remote installers, and recurring jobs with incomplete guardrails.

Install only after reviewing the SOMA installer and using throwaway/testnet wallet keys. In addition:
  • Do not paste private keys into chats or logs.
  • Restrict S3/HuggingFace/Modal credentials to the minimum needed.
  • Verify every transaction before signing, and avoid executing serialized transactions from untrusted sources.
  • Submit only data you are allowed to publish, and screen datasets for secrets/PII/regulated content.
  • Monitor or disable Modal cron jobs to control spending and ongoing activity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

Context-Inappropriate Capability (Medium severity, 90% confidence)

This section explicitly instructs users to enumerate competitor models, download their weights, and retrieve winning submission data for reuse. Even if the SOMA network permits this technically, packaging competitive intelligence extraction as recommended guidance expands the skill from neutral workflow help into adversarial operational enablement and may facilitate misuse of third-party artifacts without clarifying permissions, provenance, or policy constraints.

Context-Inappropriate Capability (Medium severity, 92% confidence)

The document goes beyond describing SDK usage and teaches users how to fine-tune from competitor checkpoints, distill from teacher models, and average weights from multiple successful models. That materially increases the capability for competitive appropriation and model cloning, which is risky when the skill is framed as an expert guide and does not include boundaries around authorization, licensing, or acceptable-use constraints.

Missing User Warnings (Medium severity, 88% confidence)

The documentation includes `soma wallet export --address <ADDR>` without any warning that it exports secret key material. In a wallet-management CLI for a decentralized network, omitting that caution increases the chance users expose private keys through terminal history, logs, screenshots, or insecure storage, which can directly lead to wallet compromise.

Missing User Warnings (Medium severity, 84% confidence)

The transaction execution commands (`execute-serialized`, `execute-signed`, `execute-combined-signed`) are presented without warning that they can submit live transactions and cause irreversible on-chain effects. In this skill context, users are being guided through token, staking, and model operations, so lack of caution can cause unintended transfers, state changes, or execution of attacker-supplied transaction bytes.

Missing User Warnings (Low severity, 73% confidence)

`soma start localnet --force-regenesis` is documented without stating that it resets the local chain state. While limited to local development, this can still cause accidental loss of test state, wallets, objects, or debugging context if users do not realize it is destructive.

Missing User Warnings (Medium severity, 92% confidence)

The guidance explicitly encourages using API responses and generated content as submission sources without any guardrails around personal data, confidential content, licensing, or terms-of-use restrictions. In a data-ingestion skill for a decentralized training network, this omission can lead users to collect and submit sensitive or unauthorized material into downstream training pipelines.

Missing User Warnings (Medium severity, 95% confidence)

Recommending issue discussions and pull request conversations as data sources is risky because those materials often contain user-generated content, internal architecture details, secrets pasted for debugging, email addresses, and other personal or confidential information. In the SOMA context, the skill is operational guidance for harvesting training data at scale, so the lack of warnings materially increases the chance of collecting and redistributing sensitive content.

Missing User Warnings (High severity, 98% confidence)

Suggesting PubMed abstracts, medical literature, chemistry data, and bioinformatics sequences without any compliance warning is dangerous because these domains can involve regulated, sensitive, or dual-use information and may trigger legal or ethical restrictions on collection and processing. Given this skill's purpose is to help users maximize competitive data submissions, the context makes the omission more dangerous by incentivizing broad ingestion from high-risk domains without safeguards.

Missing User Warnings (Medium severity, 87% confidence)

The markdown includes concrete examples that perform third-party network retrieval of models and submission data but gives no warning that these actions access remote resources or may download other participants' artifacts. In an agent skill context, omission of such warnings is dangerous because it normalizes silent external access and reduces user awareness of privacy, compliance, and consent implications.

Missing User Warnings (Medium severity, 89% confidence)

The document explicitly instructs users to place long-lived secrets in a local `.env` file and then bulk-upload them into a Modal secret group, but it provides no warnings about secret scope, least-privilege, accidental commit risk, or rotation practices. In a security-sensitive skill, normalized secret-handling guidance without safeguards increases the chance of credential disclosure or misuse by users copying the pattern into production.

Missing User Warnings (Medium severity, 91% confidence)

The example loads a private key directly from an environment variable without any warning about secret handling, exposure risk, or safer alternatives. In a skill that teaches blockchain operations and reward management, normalizing direct secret-key use can lead users to place wallet keys into broadly scoped environments, increasing the chance of leakage through logs, shell history, crash dumps, or downstream tooling.

Missing User Warnings (Medium severity, 88% confidence)

The snippet performs an on-chain staking action that can move funds without any adjacent warning, dry-run note, or confirmation step. Because this skill is an operational guide for a tokenized competitive network, users are likely to copy commands directly, so omitting transactional safeguards raises the risk of unintended financial loss or mis-staking.

External Script Fetching (High severity, Supply Chain, 97% confidence)

Content:
### Step 1: Install CLI and Create Wallet

```bash
curl -fsSL https://sup.soma.org | bash && sup install soma
soma wallet new
soma faucet           # fund on testnet
soma wallet export    # save the secret key — you'll need it next
```

Finding: `curl -fsSL https://sup.soma.org | bash`

External Script Fetching (High severity, Supply Chain, 97% confidence)

Content:
User says: "Install SOMA and help me start contributing" / "Set up SOMA and start submitting data"

Actions:
1. Install soma CLI (`curl -fsSL https://sup.soma.org | bash && sup install soma`)
2. Create wallet (`soma wallet new && soma faucet && soma wallet export`)
3. Fork the quickstart repo, run `uv sync`
4. Walk through each `.env` credential — explain what it does and where to get it

Finding: `curl -fsSL https://sup.soma.org | bash`

VirusTotal

64/64 vendors flagged this skill as clean.