Back to skill

Security audit

aaveclaw

Security checks across malware telemetry and agentic risk

Overview

This Aave testnet skill matches its stated purpose, but it handles a raw wallet private key and can sign state-changing lending transactions, so it needs user review before installation.

Install only with a dedicated low-value Base Sepolia testnet wallet. Do not reuse a mainnet or valuable wallet private key, prefer X402_PRIVATE_KEY from a controlled secret source over a persistent plaintext home config, and review every deposit, borrow, repay, withdraw, approval, and faucet transaction before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation describes use of a local wallet config and state-changing blockchain operations, which implies access to sensitive environment or local configuration capabilities without an explicit permissions declaration. This can mislead users and integrators about the trust boundary of the skill and increases the chance of wallet-affecting actions being run without adequate review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill says it 'manages the full lending lifecycle using the wallet from ~/.x402-config.json' but does not clearly warn that deposit, borrow, repay, and withdraw commands will sign and broadcast real state-changing transactions using a local private key. Even on testnet, this is sensitive behavior because users may unknowingly authorize financial actions or reuse unsafe key-handling practices elsewhere.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup guidance instructs users to place a private key in plaintext within ~/.x402-config.json without any warning about credential exposure. Plaintext secret storage increases the risk of accidental disclosure through backups, shell history, filesystem compromise, or other local tooling that may read user configuration files.

Session Persistence

Medium
Category
Rogue Agent
Content
## Error Handling

- If private key is missing: direct user to create `~/.x402-config.json` with `{"private_key": "0x..."}`
- If insufficient balance: the scripts report exact balances and what is needed
- If health factor would drop too low after borrow: Aave reverts the transaction automatically
- If faucet fails: the faucet contract may have minting limits or may not be available
Confidence
83% confidence
Finding
create `~/.x

Session Persistence

Medium
Category
Rogue Agent
Content
}

  throw new Error(
    'Private key not found. Set X402_PRIVATE_KEY env var or create ~/.x402-config.json with {"private_key": "0x..."}',
  );
}
Confidence
90% confidence
Finding
create ~/.x

Unpinned Dependencies

Low
Category
Supply Chain
Content
"private": true,
  "type": "module",
  "dependencies": {
    "ethers": "^6.13.0"
  }
}
Confidence
92% confidence
Finding
"ethers": "^6.13.0"

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.