Smart Money

Security checks across malware telemetry and agentic risk

Overview

This whale-tracking skill is mostly coherent, but it instructs the agent to create a recurring local monitoring task automatically as soon as a wallet is added, without asking the user first.

Install only if you are comfortable with Antalpha's remote MCP service receiving your wallet watchlists and labels. Never provide seed phrases or private keys. Treat ~/.smart-money/agent.json as a secret (owner-only file permissions, excluded from backups and logs), and allow the Cron alert task only once you actually want recurring checks and know how to find and remove the crontab entry it creates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability
Medium severity, 92% confidence
Finding
The README instructs the agent to create a persistent local cron job, which expands the skill from passive whale-tracking into ongoing autonomous task scheduling on the host. That is a capability-escalation risk: a user who only asked for wallet tracking can be led into enabling recurring execution, which increases blast radius and persistence and raises the chance of repeated data access or unintended actions.

Description-Behavior Mismatch
Low severity, 81% confidence
Finding
The skill documentation instructs users to register and then store `agent_id` and `api_key` in a local file under the home directory, introducing credential handling and persistence outside the core whale-tracking function. Even though the README warns that the key is secret, encouraging filesystem storage without controls can lead to credential leakage through weak permissions, logs, backups, or prompt/tool exposure.

Context-Inappropriate Capability
Medium severity, 96% confidence
Finding
The skill instructs the agent to create and manage a local Cron job, which modifies the host's scheduled-task state and extends behavior beyond querying whale-tracking data. Because it says to do this immediately and without extra confirmation, it can establish persistent autonomous execution on the user's system and recurring network activity without clear consent.

Context-Inappropriate Capability
Medium severity, 90% confidence
Finding
The skill directs persistent local storage of an agent API key and monitoring state under the user's home directory. Storing a credential locally increases the risk of leakage through weak file permissions, backups, logs, or any other local compromise, and a skill whose stated purpose is tracking public on-chain data does not obviously need a long-lived local credential at all; the design is not minimized to the least sensitive option.

Vague Triggers
Medium severity, 84% confidence
Finding
The activation metadata includes very broad phrases such as 'track wallet', 'fund tracking', and 'what are whales buying', which can trigger the skill during ordinary conversation. Over-broad invocation increases the chance that the agent calls external tools or starts a registration flow unexpectedly, exposing user queries and causing side effects the user did not intend.

Missing User Warnings
High severity, 98% confidence
Finding
The skill explicitly directs the agent to create a Cron job immediately and 'without waiting for extra confirmation,' yet this action changes the user's local scheduler state and creates persistence. Silent persistence is dangerous because it establishes recurring execution, repeated data access, and ongoing notifications or costs that the user never knowingly approved.
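The credential-storage and Cron findings above each imply a check a practitioner should run after installing the skill. The script below is an added example written for this page; it is not code from the Smart Money skill, from SkillSpector, or from Antalpha. It lists and strips crontab entries belonging to the skill and confirms that the state directory and agent.json are readable only by their owner. It assumes the installed cron line and the state directory both contain the string "smart-money" (the README's ~/.smart-money path suggests this; change PATTERN if the installed job is named differently). The sample crontab is constructed for the offline demonstration, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the Smart Money skill or the scanner. Assumes the
# skill's cron line and state directory both contain "smart-money".

# Constructed sample crontab for the offline demo (not from a real host).
SAMPLE_CRONTAB='# m h dom mon dow command
0 * * * * /usr/local/bin/backup.sh
*/5 * * * * /usr/bin/env smart-money check-alerts >> /home/alice/.smart-money/alerts.log 2>&1
30 2 * * * /usr/bin/updatedb'

# Substring that identifies the skill's cron entry (assumption, see lead-in).
PATTERN='smart-money'

# Print the crontab lines (read from stdin) that belong to the skill.
# Exit status is 1 when nothing matches, so it can be used as a test.
# Usage: crontab -l | find_skill_jobs
find_skill_jobs() {
    grep -i -- "$PATTERN"
}

# Print the crontab with the skill's lines removed and everything else intact.
# Review the output before loading it back with: crontab -l | strip_skill_jobs | crontab -
strip_skill_jobs() {
    grep -iv -- "$PATTERN" || true
}

# Succeed only if group and world hold no permission bits on the path.
# Uses ls -ld, which is POSIX, instead of stat, whose flags differ between
# GNU and BSD. Expected: ~/.smart-money at 0700 and agent.json at 0600.
is_owner_only() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Run both checks against the current account. Not invoked automatically.
audit_host() {
    echo "== Cron entries referencing $PATTERN =="
    crontab -l 2>/dev/null | find_skill_jobs || echo "(none)"
    for p in "$HOME/.smart-money" "$HOME/.smart-money/agent.json"; do
        if [ -e "$p" ]; then
            if is_owner_only "$p"; then
                echo "ok: $p is owner-only"
            else
                echo "WARN: $p is readable by group or others; run chmod go-rwx \"$p\""
            fi
        fi
    done
}
```

Run `crontab -l | find_skill_jobs` to see exactly what the skill installed, and inspect `crontab -l | strip_skill_jobs` before piping it back through `crontab -`; `audit_host` runs both checks for the current account. A skill that uses a different scheduler (systemd timers, launchd) would need the equivalent listing command, which this example does not cover.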

VirusTotal

64/64 vendors flagged this skill as clean.