Walletconnect Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is openly designed for autonomous crypto wallet signing, but it appears to give an agent broad transaction-signing authority without clear user approval or tight limits.

Only install this if you fully understand that it may let an agent sign wallet messages and blockchain transactions automatically. Use a dedicated low-value wallet, never a primary wallet or reusable private key, and require clear limits such as contract allowlists, spend caps, chain restrictions, transaction simulation, and manual approval for sensitive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The script reads a raw PRIVATE_KEY from the environment, instantiates a signing wallet, and then automatically approves WalletConnect sessions and signs arbitrary personal_sign, typed-data, and eth_sendTransaction requests from the connected dApp. In this skill's context, that is especially dangerous because the advertised purpose is autonomous dApp access and auto-signing, so a compromised site, malicious WalletConnect peer, or UI flow change could trigger unauthorized signatures or on-chain transactions with no meaningful user verification.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding
The skill explicitly promotes fully autonomous dApp interaction with 'no human needed' and automatic signing. In the context of cryptocurrency wallets, removing human approval from transaction signing is highly dangerous because any malicious or compromised dApp session can trigger irreversible transfers, approvals, or signatures.

Vague Triggers

Medium
Confidence: 97%
Finding
The package description explicitly advertises broad autonomous dApp access for AI agents and auto-signing behavior without any mention of user confirmation, scoped permissions, transaction policy, or value limits. In the context of a wallet connector, this signals a design that could let an agent initiate sensitive blockchain actions with little or no human oversight, materially increasing the risk of unauthorized transfers or destructive on-chain operations.

Natural-Language Policy Violations

High
Confidence: 99%
Finding
The manifest states that the agent can 'auto-sign transactions,' which is highly dangerous for a wallet-integrated skill because signing is the security boundary that authorizes irreversible blockchain actions. Without explicit opt-in and policy constraints, an agent connected to arbitrary dApps could approve token spending, transfer assets, sign malicious messages, or interact with hostile contracts autonomously.

VirusTotal

VirusTotal findings are pending for this skill version.
