Smart Contract Audit

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent smart-contract audit tool, but it automatically clones and compiles untrusted repositories in ways that can execute local code without a clear confirmation or sandbox requirement.

Install or run this only in an isolated container or disposable VM, especially for third-party repositories. Expect network access, tool installation, repository downloads, compiler/toolchain changes, local output under audit-output, and possible external web searches. Avoid providing private RPC URLs, API keys, wallet keys, or proprietary code unless you have reviewed and accepted those data flows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding:
The skill instructs cloning arbitrary GitHub repositories based on user input, which expands the attack surface to untrusted remote content and network access. Even if cloning alone is not code execution, it enables ingestion of adversarial repositories that may trigger risky downstream tooling, consume resources, or alter the local workspace unexpectedly.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding:
The skill performs external web searches against Solodit without declaring that external network access is part of its behavior. This is primarily a transparency and data-governance issue: users may not expect audit details or query terms derived from their codebase to be sent to third-party services.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The instructions authorize cloning arbitrary GitHub repositories without warning users that this requires network access and will modify the local workspace. This undermines informed consent and can expose users to unexpected data transfer, disk usage, and interaction with untrusted repositories during a sensitive audit workflow.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The script automatically runs project compilation commands (`forge build` / `npx hardhat compile`) and may install/use a Solidity compiler via `solc-select` based on repository contents, without any confirmation gate. In a security-audit skill, this is risky because analyzing an untrusted target repository can trigger arbitrary code execution through build hooks, dependency scripts, or toolchain changes on the analyst's machine.

VirusTotal

49/49 vendors flagged this skill as clean.