Bread Protocol

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for Bread Protocol, but it should be reviewed because it guides raw wallet-key use and real Base mainnet transactions without clear approval and risk safeguards.

Install only if you specifically intend to use Bread Protocol. Do not paste a main-wallet private key into an agent; use a dedicated low-balance wallet or a wallet flow that requires manual signing. Independently verify the website, Base chain, contract addresses, approval amounts, proposal IDs, ETH values, and gas before every transaction, and revoke allowances when done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill description uses very broad trigger phrases such as references to wallets, meme coin launching, and Base launchpad activity, which can cause the skill to activate in contexts where the user did not intend to interact with this protocol. Because the skill guides users into wallet connection, token purchase, approvals, and on-chain actions, unintended activation increases the risk of misdirected financial workflows and unsafe transaction suggestions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The getting-started instructions tell users to connect a wallet, fund with ETH, and approve BREAD without a prominent warning that approvals authorize token spending and that all on-chain actions carry irreversible financial risk. In a skill centered on a speculative meme-coin launchpad, omission of these warnings is dangerous because users may grant approvals or send value without understanding exposure to loss, malicious interfaces, or contract risk.

Missing User Warnings

Medium
Confidence: 89%
Finding
The examples include live `approve` and payable `backProposal` transactions against Base mainnet contracts, but they do not explicitly warn that these actions spend real funds, create token allowances, and are generally irreversible once submitted on-chain. In an agent skill focused on wallet and launchpad activity, users or downstream agents may treat the snippets as copy-paste-safe guidance, increasing the chance of unintended approvals or ETH loss.

Missing User Warnings

Medium
Confidence: 96%
Finding
This walkthrough includes several real on-chain write operations such as token approvals, proposal submission, ETH-backed transactions, and reward/refund claims, but it does not prominently warn users that these actions spend real assets, require valid private keys, and can be irreversible once broadcast. In an agent skill context, examples are especially risky because users or downstream agents may treat them as operational instructions and execute them against mainnet/Base without appreciating the financial consequences.

VirusTotal

65/65 vendors flagged this skill as clean.
