BlindOracle - Privacy-First Agent Infrastructure

Security checks across malware telemetry and agentic risk

Overview

BlindOracle appears to be a real payments and settlement skill, but it hides specific crypto rails behind generic wording and delegates the actual financial actions to unreviewed external modules.

Review carefully before installing. Use only with scoped payment credentials, low transaction limits, and manual approval for every paid, settlement, swap, withdrawal, or credential-minting action. Treat the generic rail terminology as crypto/USDC payment activity and inspect the missing external handler modules before trusting it with funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The README advertises capabilities for settlement, on-chain transfers, and cross-rail asset conversion, but it does not prominently warn users that these actions can move real funds, may be irreversible, and may incur fees or routing risks. In an agent skill context, this is dangerous because downstream agents or operators may treat the examples as routine API calls and trigger real financial actions without adequate confirmation or risk awareness.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
This skill supports settlement, transfers, conversions, and micropayment-funded actions involving real assets, but the description lacks clear user-facing warnings that these operations can move funds irreversibly or incur fees. In a financial/payment infrastructure skill, missing risk disclosures increases the chance of unintended transfers, user deception, or unsafe autonomous execution by agents.

VirusTotal

66/66 vendors flagged this skill as clean.
