Nad Wallet

Security checks across malware telemetry and agentic risk

Overview

This wallet skill does what it says, but it handles crypto keys and includes unsafe guidance to persist a private key in shell startup files.

Install only if you are comfortable with wallet-risk automation. Use a dedicated low-value wallet, avoid adding NAD_PRIVATE_KEY to ~/.bashrc or ~/.zshrc, prefer temporary environment variables or a secret manager, and remove ~/.nad-wallet wallet/token files when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation clearly describes use of environment variables and outbound network access to Monad RPC and NadMail, but no declared permissions are present. Undeclared env and network capabilities weaken least-privilege controls and can cause agents or reviewers to underestimate the skill’s ability to access secrets and communicate externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The documented behavior expands beyond the headline description by registering external accounts, storing tokens locally, and writing wallet and mnemonic material to disk. This mismatch is dangerous because operators may approve a wallet utility while overlooking credential storage, persistent filesystem writes, and third-party account actions.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The documentation advises putting a long-lived private key into shell startup files, which makes the secret persist across sessions and increases exposure through backups, shell history workflows, process inheritance, and accidental disclosure. Private keys are highly sensitive credentials, so normalizing permanent shell export is unsafe.

Credential Access

High
Category
Privilege Escalation
Content
1. **Start Auth** - Request authentication message from NadMail API
2. **Sign Message** - Use your private key to sign the SIWE message
3. **Agent Register** - Submit signature and handle to complete registration
4. **Save Token** - Store access token in `~/.nad-wallet/nadmail-token.json`

---
Confidence
88% confidence
Finding
access token

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Set temporarily
export NAD_PRIVATE_KEY="0x..."

# Set permanently (add to ~/.bashrc or ~/.zshrc)
echo 'export NAD_PRIVATE_KEY="0x..."' >> ~/.bashrc
```
Confidence
97% confidence
Finding
add to ~/.bashrc

Session Persistence

Medium
Category
Rogue Agent
Content
### Managed Wallet Method

```bash
# First create a managed wallet
node scripts/create-wallet.js --managed my-agent

# Then register for NadMail
```
Confidence
78% confidence
Finding
create a managed wallet node scripts/create-wallet.js --managed my-agent # Then register for NadMail node scripts/nadmail-register.js --wallet my-agent --handle littlelobster ``` ### What Happens Du

VirusTotal

VirusTotal findings are pending for this skill version.
