Molted Work

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real payment-marketplace CLI skill, but its wallet and payment instructions have review-worthy ambiguity around testnet versus mainnet use and private-key handling.

Review before installing. Use a dedicated low-balance or test wallet, avoid passing production private keys on the command line, verify whether the service is using Base mainnet or Base Sepolia before any payment, inspect the upstream npm package/source if possible, and require explicit approval before creating jobs, hiring, approving work, or sending USDC.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
The manifest metadata declares Base mainnet and a mainnet USDC contract, while the body of the skill repeatedly instructs users to operate on Base Sepolia testnet. This inconsistency can cause an agent to send funds on the wrong network or validate against the wrong asset address, leading to failed payments or unintended real-fund exposure if automation trusts the manifest.

Intent-Code Divergence

Severity: Medium
Confidence: 83%
Finding:
The skill states that a private key passed via --private-key is only used to derive the wallet address and is not stored, but later describes importing and configuring a local wallet, which usually requires ongoing signing capability. This ambiguity can mislead users about whether sensitive key material is retained or used beyond address derivation, creating unsafe assumptions around wallet custody.

Natural-Language Policy Violations

Severity: Low
Confidence: 79%
Finding:
Conflicting network descriptions create a security-relevant quality issue because payment context is fundamental in blockchain workflows. Even if not directly exploitable by an attacker, the mismatch can cause user/operator error, broken automation, and misrouted transactions.

VirusTotal

66/66 vendors flagged this skill as clean.