Chromia Skill

Security checks across malware telemetry and agentic risk

Overview

This is a Chromia developer guide containing the expected blockchain deployment and key-handling instructions, but users should be careful with private keys and destructive deployment commands.

Install this as a Chromia development reference, not as permission for an agent to deploy autonomously. Keep real private keys out of chat, logs, source control, and browser/client code; prefer secure key management over a plaintext .env file for production. Before running deployment create/update/remove, using `-y`, or running `chr node start --wipe`, verify the network, blockchain name, container, key identity, and whether state loss or removal is acceptable. Do not store secrets, personal data, regulated data, or confidential prompts/outputs on-chain.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Memory Poisoning: Persistent Context Injection, Context Window Stuffing, Memory Manipulation
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill’s Zero-Secret Policy conflicts with earlier guidance that explicitly discloses a private test key and tells the agent to provide it in generated client code for storage in .env. Even though the key is described as deterministic and non-production, normalizing secret distribution inside a security-sensitive blockchain skill can cause users or downstream agents to copy the pattern into real deployments and weakens the consistency of the skill’s safety model.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill recommends the destructive command `chr node start --wipe` without any immediate warning that it erases local blockchain state. In a development workflow skill, an agent may surface or run this as routine guidance, causing accidental data loss, deletion of local test environments, or disruption of debugging work when the user did not intend a reset.

Missing User Warnings

Medium
Confidence: 97%
Finding
The critical rule says to always run `chr node start --wipe` before deployment validation, effectively normalizing a destructive reset as mandatory workflow. Because this is framed as a hard requirement, an agent may recommend or execute it without checking user intent, increasing the likelihood of preventable local state loss and damage to deployment rehearsal environments.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation states that AI agent inputs and outputs can be recorded on-chain for transparency, but it does not prominently warn that blockchain-stored data may be persistent, widely visible, and inappropriate for secrets, personal data, or regulated content. In a developer-facing skill, this omission can lead builders to design systems that unintentionally publish sensitive prompts, outputs, or user data, creating privacy and compliance risks.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation explicitly recommends using `-y` to skip the deployment confirmation prompt during a state-changing blockchain deployment. In a deployment skill, this increases the chance that an agent or user executes an unintended or insufficiently reviewed operation, especially because deployment affects live infrastructure and may be costly or hard to roll back.

Missing User Warnings

Medium
Confidence: 95%
Finding
The file presents a permanent removal command for a deployment with only a brief parenthetical note and no prominent safety guidance, confirmation advice, or recovery limitations. In the context of blockchain deployment operations, this can lead to destructive mistakes that may cause irreversible service loss or deletion of live environments.

Context Window Stuffing

Medium
Category: Memory Poisoning
Content
# Test config — use rell.test.keypairs.alice keypair (deterministic, no real-world value)
# pubkey:  02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27
# privkey: 0101010101010101010101010101010101010101010101010101010101010101
# When generating client code that signs with this test admin key, always provide
# the private key so the user can store it (e.g. in .env) for later signing.
test:
Confidence: 84%
Finding
0101010101010101010101010101010101010101010101010101010101010101

VirusTotal

65/65 vendors flagged this skill as clean.