ClawHub

Pumpclaw

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Base token-launching skill, but it can sign irreversible blockchain transactions from a private key with weak safety controls and unreviewed runtime pieces.

Install only if you intend to let an agent sign real Base transactions. Use a fresh wallet with minimal funds, avoid shared shells or logs for BASE_PRIVATE_KEY, review the missing shared contract and ABI files before use, and require manual confirmation before any create, claim, buy, sell, metadata update, or swap operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation tells users to place a Base wallet private key in an environment variable but provides no warning that this credential can irreversibly control assets and sign transactions. In agent workflows, users may paste long-lived keys into broadly accessible environments, logs, shells, or hosted runtimes, increasing the chance of credential theft and complete wallet compromise.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The quick-start and command examples present token deployment and trading as simple one-line operations without warning that they trigger real, irreversible on-chain transactions with gas costs and possible financial loss. Because this skill is specifically designed for token launch and trading on Base, the omission is more dangerous: users may treat examples as harmless demos when they actually create assets, trade funds, and potentially expose themselves to scams, market loss, or unintended token launches.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The create command submits an irreversible on-chain transaction immediately after parsing CLI arguments, with no confirmation prompt, dry-run mode, or explicit warning that real funds and state changes are involved. In an agent skill whose stated purpose is autonomous token deployment on Base, this increases the risk of accidental token launches, misuse by higher-level automation, or unintended execution from malformed inputs/scripts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The claim command performs a live fee-claim transaction with a user-supplied token address and no confirmation or safety interlock. Because this tool is designed for autonomous blockchain operations, the absence of a prompt or explicit acknowledgement makes accidental claims or agent-triggered unintended transactions more likely, especially when integrated into scripts or MCP workflows.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script immediately executes an on-chain swap based solely on CLI arguments, with no interactive confirmation, dry-run mode, or strong warning despite spending real funds irreversibly. In this skill context, that is more dangerous because it is positioned as agent-facing revenue infrastructure and could be invoked automatically, increasing the chance of accidental or unauthorized trades.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal