ClawHub

AgentsBank

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real crypto wallet SDK, but it can move funds through direct send and batch-send APIs without an enforceable approval step in the artifact.

Review carefully before installing or connecting funded wallets. Use testnet or spending-limited credentials first, enforce a separate human approval step before any send or batch-send call, do not rely on maxGasUSD as an enforced cap in this version, and avoid exposing recovery words in logs or agent-visible output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The `sendSafe` API and comments imply that `maxGasUSD` is part of a pre-flight safety check, but the implementation only calls `estimateGas()` and ignores the returned estimate entirely. This can mislead integrators into believing a gas-cost cap is enforced when transactions may still execute with unexpectedly high fees, undermining a safety control in a fund-transfer library.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The SDK exposes transaction-sending helpers for irreversible fund transfers, but the method documentation and API shape do not strongly warn callers that transfers are final or encourage an explicit confirmation step before execution. In an agentic context, this increases the chance of accidental or prompt-induced fund movement because developers may call the convenience method directly without adding human approval or stronger policy checks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The batch transfer helper can send to multiple recipients in sequence and explicitly tolerates partial failure, yet the documentation does not prominently warn that successful transfers are irreversible and that some recipients may be paid even if later sends fail. In an autonomous agent setting, this can amplify loss by enabling multiple unintended transfers in one invocation while leaving the caller to reconcile partial completion afterward.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal