Openclaw Fomo3d

Security checks across malware telemetry and agentic risk

Overview

This blockchain game skill is coherent, but it needs Review because it can spend wallet funds, saves a raw private key to disk, and grants unlimited token approvals.

Only use this with a dedicated low-balance BSC wallet, preferably on testnet first. Do not enter a primary wallet private key, avoid setup if you cannot protect config.json, verify the listed contract addresses, review every amount before running a command, and revoke token allowances after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill instructs users to provide a blockchain private key and says `setup` saves configuration to `config.json`, but it does not warn about secure storage, plaintext persistence, shell history exposure, or limiting use to burner wallets. Because this skill performs real on-chain spending and approvals, poor key-handling guidance can directly lead to wallet compromise and irreversible loss of funds.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The code writes the merged configuration directly to config.json, and the Config type includes a privateKey field. In a blockchain wallet skill, persisting a raw private key to disk in plaintext is dangerous because local compromise, accidental file sharing, backups, source-control mistakes, or permissive filesystem access can immediately lead to theft of on-chain funds.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The code automatically grants maxUint256 allowance to the spender whenever the current allowance is insufficient, creating effectively unlimited token spending authority. If the spender contract is compromised, upgraded maliciously, misconfigured, or the user interacts with the wrong address, the approved tokens can be drained far beyond the immediate requiredAmount, and the user is not given a clear warning or safer approval option.

VirusTotal

58/58 vendors flagged this skill as clean.