Security audit

Web3 Transfer Update

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent with its stated purpose of helping users prepare and confirm crypto transfers, but users should handle its registration API key carefully.

Install only if you trust Antalpha's MCP transfer service and want an agent to coordinate crypto transfer previews and signing links. Never provide seed phrases, private keys, or keystore files, verify every recipient and amount in your own wallet before signing, and store the registration api_key only in a secret store or similarly protected setting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The skill declares that transfer execution depends on MCP tools, but the required preregistration step uses an additional `antalpha-register` tool that is not listed in the runtime capability section or manifest requirements. This mismatch can cause agents to operate with incomplete capability assumptions, leading to authentication failures, unexpected fallback behavior, or insecure substitution of registration/credential handling outside the declared tool boundary.

Intent-Code Divergence

Severity: Medium
Confidence: 78%
Finding:
The skill correctly forbids requesting wallet secrets, but later instructs the agent to persist an `api_key` obtained during registration without defining storage scope, retention, or secret-handling controls. Persisting API credentials in an underspecified way can expose backend authorization material through logs, memory replay, prompt injection side effects, or cross-session leakage.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.