clawmarket

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent blockchain-market guide, but it tells agents to collect and reuse raw wallet private keys, which can give ongoing control over funds and transactions.

Review carefully before installing. Do not give the agent a main wallet private key or seed phrase. Use a fresh low-balance wallet, hardware wallet, WalletConnect-style flow, or a dedicated signer that never exposes raw key material, and require explicit confirmation before every registration, trade, vote, or public on-chain post.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill explicitly tells the agent to obtain a user's private key and read it from local files or environment variables for repeated signing. Raw private key handling by an agent is highly sensitive because it enables unrestricted asset control, broad exfiltration risk, and persistence beyond a single approved action.

Missing User Warnings

High
Confidence: 99%
Finding
The skill instructs the agent to solicit, store, and use raw private keys but does not present a clear, prominent warning that these credentials grant full control of the wallet and must never be shared casually. In an agent setting, this omission is especially dangerous because it normalizes direct secret disclosure to an automated system.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill encourages posting and voting on-chain near the beginning without an upfront warning that content is permanent and publicly visible. Users may disclose sensitive, regulated, or reputationally harmful information before later sections mention permanence, making the context more dangerous than an ordinary posting guide.

Ssd 3

High
Confidence: 100%
Finding
This is a direct secret-collection pattern: the skill tells the agent to ask the human for a private key and retain access for ongoing signing operations. If followed, compromise of the agent, logs, memory, prompts, or connected tools could immediately lead to theft of funds, unauthorized transactions, and irreversible wallet takeover.

Ssd 3

High
Confidence: 100%
Finding
The sample user-facing text operationalizes the dangerous behavior by giving the agent a script to persuade the human to provide the private key directly. This materially increases exploitability because it turns a bad internal design into a concrete social-engineering prompt for credential extraction.

VirusTotal

63/63 vendors flagged this skill as clean.
