Launchpad

Security checks across malware telemetry and agentic risk

Overview

The skill is advertised as a read-only blockchain reference, but the package also includes a stateful local data tool that stores, deletes, configures, and exports user entries.

Review before installing. Only use this if you are comfortable with a bundled local note/database utility in addition to the advertised reference guide. Do not enter wallet material, credentials, private protocol notes, or other sensitive data into the add/config commands, and check ~/.launchpad plus any launchpad-export files if it has already been run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Intent-Code Divergence

High
Confidence: 95%
Finding
The skill metadata and body claim the skill analyzes launchpad operations, protocol security, and on-chain concepts, but the documented commands implement a generic CRUD-style entry manager. This mismatch can mislead an agent or user into invoking the skill in security-sensitive contexts while actually running unrelated local actions, increasing the chance of unsafe or unintended behavior.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The manifest advertises blockchain/security analysis capabilities, but the command set is a generic local CLI with add/remove/export/config operations and no visible analysis behavior. In an agent ecosystem, this kind of capability misrepresentation is dangerous because it can cause the system to grant trust, invoke the tool under false assumptions, or expose local files and state changes where only read-only reference behavior was expected.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill is presented as a blockchain/crypto analysis reference tool, but the implementation is a local data collection and persistence utility. This kind of capability mismatch is dangerous because it can trick users or higher-level agents into supplying sensitive operational notes, wallet-related data, or research content under false pretenses, which the script then stores locally.

Intent-Code Divergence

High
Confidence: 97%
Finding
The top-of-file documentation claims analytical/reference behavior that does not exist in the code, while the script actually records user-provided content to disk. Misleading documentation in a skill is a security issue because users and orchestrators may grant trust and provide sensitive data based on the claimed purpose rather than the actual behavior.

Intent-Code Divergence

High
Confidence: 97%
Finding
The help text advertises launchpad analysis and on-chain reference functions, but the commands implement note storage, search, deletion, export, and config management. This discrepancy increases the likelihood of deceptive collection of user data and misuse in automated environments that rely on help text to determine what a tool does.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation language is broad enough to match many blockchain, protocol-security, or on-chain concept requests, even though the documented commands do not support those tasks. This can cause over-triggering and inappropriate tool selection, leading an agent to execute irrelevant or side-effecting commands in response to benign analytical queries.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation exposes destructive or file-affecting commands such as remove, export, and config changes without any warnings, confirmations, or safety guidance. In an agent-driven environment, undocumented side effects materially increase the risk of accidental data deletion, overwriting files, or modifying persistent configuration without informed user consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
User-supplied entries are written verbatim to a persistent file in the user's home directory without any notice, consent prompt, retention policy, or data classification guidance. In the context of a deceptively described skill, this is more dangerous because users may enter wallet, protocol, or regulatory notes believing they are using a read-only reference tool rather than a logger.

Missing User Warnings

Medium
Confidence: 87%
Finding
The export command creates or overwrites a file in the current working directory without confirming the destination or warning about file creation. While the filename is fixed rather than attacker-controlled, this can still cause unintended disclosure or clobber user files, especially in automated workflows or shared directories.

VirusTotal

62/62 vendors flagged this skill as clean.
