ClawHub

Zora NFT Pro

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says by generating and deploying NFTs, but it can use a raw wallet private key to submit live blockchain transactions without a clear review or confirmation step.

Install only if you are comfortable giving this skill control of a dedicated low-value deployment wallet. Do not use a primary wallet key, review any transaction details outside the skill before broadcast, and prefer pinned dependencies plus an external signer or wallet flow that requires per-transaction approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares access to sensitive environment variables, including a wallet private key, but does not declare permissions or otherwise signal that secret material will be consumed. This creates a trust and transparency gap: users or hosting platforms may expose credentials to a skill that performs networked, irreversible blockchain actions without clear capability disclosure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill advertises immediate NFT creation and contract deployment but omits any warning that these are irreversible, potentially fee-incurring, public on-chain actions. In this context, the omission is dangerous because users may trigger permanent blockchain transactions and public minting behavior without informed consent or understanding of financial and reputational consequences.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly requires a PRIVATE_KEY for Zora deployment yet provides no warning about the sensitivity of that credential or the risks of exposing a raw wallet key to automation. Because a private key enables full control of the wallet, poor handling could lead to asset theft, unauthorized transactions, or compromise beyond this single NFT deployment flow.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill reads sensitive credentials and initializes a signing account from environment variables without any user-facing disclosure, consent flow, or guardrails. In an agent context, this is risky because the skill can silently gain access to a wallet private key and blockchain RPC connectivity, enabling financially significant actions that the user may not realize the skill can perform.

Missing User Warnings

High
Confidence
98% confidence
Finding
The code signs and broadcasts a blockchain transaction immediately using the loaded private key, with no explicit confirmation, transaction preview, or user approval step. In this skill's context, that is especially dangerous because deploying contracts on Zora can spend funds, create irreversible on-chain state, and be abused to trigger unauthorized transactions if the skill is invoked unexpectedly or manipulated via input.

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-generativeai
web3
requests
Confidence
97% confidence
Finding
google-generativeai

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-generativeai
web3
requests
Confidence
99% confidence
Finding
web3

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-generativeai
web3
requests
Confidence
99% confidence
Finding
requests

Known Vulnerable Dependency: web3 — 1 advisory(ies): CVE-2026-40072 (web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling)

Low
Category
Supply Chain
Confidence
90% confidence
Finding
web3

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal