IQDB On-Chain Storage

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Solana storage guide, but users should treat wallet signing, payments, and on-chain data as real and permanent.

Install only if you intend to build Solana on-chain storage. Use devnet or a low-balance wallet first, protect the ANCHOR_WALLET keypair like a private key, verify any mainnet transaction or x402 payment before signing, and do not store secrets, private keys, personal data, regulated data, or unencrypted confidential files on-chain.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The reference describes permanent on-chain file storage and a payment-gated inscription flow, but it does not explicitly warn that uploaded data becomes publicly readable and effectively irreversible once recorded on-chain. In this skill context, that omission is more dangerous because the feature is specifically meant for persistent storage and could lead users to upload sensitive files or personal data under the mistaken assumption that payment-gated access implies privacy.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill presents hanLock as a way to add 'privacy' before writing data on-chain, but it does not clearly warn that blockchain data is still publicly accessible and that password-based encoding/obfuscation is not equivalent to robust encryption. In this context, users may store secrets, credentials, or regulated data on an immutable public ledger under a false sense of confidentiality, leading to permanent data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.
