ClawHub

Xian Node

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for running a Xian node, but its handling of validator private keys and destructive node-reset commands needs review before use.

Install only if you are comfortable operating a blockchain validator. Treat all validator private keys as secrets: avoid pasting them into chat or command history, store them in a protected file or secret manager, and back up keys/configuration before using wipe or reset commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents `make wipe` and `make dwu` as routine management commands without clearly warning that they erase blockchain state and can destroy local node data. An operator or downstream agent could run them during troubleshooting and cause irreversible data loss, service interruption, or accidental reinitialization of a validator/service node.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The validator setup instructions tell users to pass a raw private key directly on the command line, which risks exposure through shell history, process listings, terminal logs, CI logs, and copied transcripts. In a blockchain validator context, disclosure of this key can enable validator impersonation, compromise signing authority, and potentially lead to slashing, fund loss, or network trust damage.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The key generation example prints the validator private key to standard output without any warning to secure it immediately, avoid screenshots/logging, or store it in a protected secret manager. Because this skill is for node operators, users may run the snippet in shared terminals, recorded sessions, or automation environments, leading to direct compromise of validator credentials.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal