zscore

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for Zeru registry operations, but it gives an agent a funded wallet key and can make irreversible on-chain changes without confirmation safeguards.

Install only if you intend to let the agent manage Zeru registry entries. Use a dedicated low-balance or testnet wallet, never a primary wallet key, and review every write command before execution. Treat fetched agent metadata as untrusted remote content, and prefer running reads/writes manually until the skill adds confirmations or dry-run safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The function dereferences an on-chain agentURI and performs an arbitrary outbound HTTP request without validating the destination, the scheme (beyond a simple http-prefix check), the response size, a timeout, or any trust boundary. Because agentURI is attacker-controlled on-chain metadata, this can enable SSRF-style network access, privacy leaks, or consumption of untrusted JSON by downstream callers who may assume the data is trustworthy because it came from a blockchain lookup.

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup instructions tell users to place a funded private key directly into a persistent config example without any warning about secret handling, least privilege, or use of a dedicated low-value wallet. Because this skill performs blockchain writes, compromise of that config or accidental reuse of a main wallet could lead to direct financial loss and unauthorized on-chain transactions.

Missing User Warnings

Medium
Confidence: 86%
Finding
The `register` command performs a state-changing blockchain transaction that spends funds immediately once invoked, without an explicit confirmation gate after showing the fee and destination context. In an agent skill context, this is more dangerous because an automated caller may trigger irreversible on-chain writes and costs from a loaded private key without meaningful human review.

Missing User Warnings

Medium
Confidence: 88%
Finding
The metadata update sends an irreversible on-chain transaction without a confirmation step, allowing accidental or policy-violating writes to be executed immediately. In this skill's context, metadata may affect public identity information, so unsafe automation can cause reputational damage and incur gas costs even if no direct compromise occurs.

Missing User Warnings

High
Confidence: 92%
Finding
Unsetting an agent wallet is a destructive on-chain action and is executed immediately with no confirmation barrier. In an agent skill with wallet access, this increases the chance that a mistaken instruction, prompt injection, or unsafe automation removes a critical wallet association irreversibly, disrupting agent operation and requiring recovery actions.

VirusTotal

62/62 vendors flagged this skill as clean.