Back to skill

Security audit

Pumpclaw

Security checks across malware telemetry and agentic risk

Overview

This skill matches its token-launching purpose, but it gives an agent a wallet private key and can send irreversible Base transactions with weak safety controls.

Review carefully before installing. Use only a fresh Base wallet with minimal funds, avoid exporting a valuable private key in shared environments, inspect the missing shared contract/ABI files, and require manual review before any create, claim, buy, sell, metadata update, or swap command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly relies on environment access by instructing users to set `BASE_PRIVATE_KEY`, but the metadata declares no permissions. That mismatch can cause agents or users to run the skill without understanding it needs access to sensitive credentials, increasing the chance of unsafe execution or accidental secret exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs users to place a blockchain private key in an environment variable with no warning about the sensitivity of that credential. Private keys grant full wallet control, and in agent or shared-shell environments env vars may be logged, inherited by subprocesses, exposed through diagnostics, or read by other tooling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill presents token deployment, buying, selling, and fee-claiming commands as simple one-liners without warning that these actions trigger irreversible on-chain transactions and financial exposure. In an agent context, this is more dangerous because autonomous systems may execute commands literally, causing unintended token launches, trades, gas expenditure, or reputational and legal consequences.

Missing User Warnings

High
Confidence
95% confidence
Finding
The script submits a live, irreversible swap immediately from CLI input with no confirmation step and sets amountOutMinimum to 0, which disables slippage protection entirely. In a volatile or manipulated pool, a user can receive far fewer tokens than expected due to MEV/sandwiching, bad pricing, or a mistaken token address, causing direct and unrecoverable loss of funds.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"type": "module",
  "private": true,
  "dependencies": {
    "viem": "^2.45.1"
  }
}
Confidence
90% confidence
Finding
"viem": "^2.45.1"

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.