ClawHub

Gasless stop-loss, limit, TWAP, take-profit & market swaps across 8 EVM chains. Zero fees.

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only DeFi swap skill that clearly centers on wallet signing and relay submission, with no hidden code or install-time execution found.

Install only if you intend to let an agent help prepare and submit live DeFi orders. Before signing or approving, verify the chain, token addresses, spender/verifying contract, amounts, recipient, deadline, slippage, triggers, and relay URL, and avoid storing signed payloads anywhere others can read them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This example file provides copy-and-modify relay payloads for signed swap orders but does not warn that signatures, deadlines, chain IDs, recipients, and trigger parameters directly control irreversible on-chain asset movement. In a gasless non-custodial trading skill, users may mistakenly reuse stale or production-like values, misroute funds, submit orders on the wrong chain, or relay malformed signed intents without appreciating the financial consequences.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the user to transmit a signed order payload, including the EIP-712 order message and signature, to a remote relay endpoint without an explicit warning that this is a network submission to a third-party service. In a signing workflow, lack of clear disclosure is risky because users may believe the action is local-only, while the submitted signed order can create a live trade order or expose order metadata for relay-side misuse or unintended execution.

External Transmission

Medium
Category
Data Exfiltration
Content
status: "pending",
};

const response = await fetch("https://agents-sink.orbs.network/orders/new", {
  method: "POST",
  headers: { "content-type": "application/json" },
  body: JSON.stringify(relayPayload),
Confidence
91% confidence
Finding
fetch("https://agents-sink.orbs.network/orders/new", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
'{order: $typed[0].message, signature: $sig, status: "pending"}' \
  > ./relay-payload.json

curl -fsS -X POST 'https://agents-sink.orbs.network/orders/new' \
  -H 'content-type: application/json' \
  --data @./relay-payload.json
```
Confidence
91% confidence
Finding
curl -fsS -X POST 'https://agents-sink.orbs.network/orders/new' \ -H 'content-type: application/json' \ --data @./relay-payload.json ``` 12. Canonical JavaScript submit path with `ethers` plus st

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal