Settlement Predictor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent blockchain fee and transaction analysis skill, with expected external API use and local caching that should be understood before use.

Install only if you are comfortable with blockchain identifiers you query being sent to public RPC, explorer, mempool.space, CoinGecko, or Tenderly/Etherscan services. Use optional API keys only for features you need, avoid entering private keys or seed phrases, and delete ~/.cache/settlement-predictor if you do not want local fee history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The manifest declares optional credentials and clearly describes networked features, but it does not declare any explicit permissions despite requiring outbound network access and reading environment variables. This weakens platform transparency and consent, making it easier for a skill to access sensitive runtime capabilities without clear user or host awareness.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The top-level description emphasizes settlement prediction and fee analysis, but the documented behavior also includes contract verification, token metadata lookup, internal transaction retrieval, and transaction simulation. That scope expansion matters because it increases the skill's external reach, data handling, and potential trust users place in security-oriented outputs that were not clearly declared in the main description.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The README advertises mempool scanning, transaction tracking, contract verification, and internal transaction lookup without warning users that submitted pool addresses, contract addresses, and transaction hashes will be sent to third-party services such as Etherscan or mempool.space. This can expose user interests, wallets, trading intent, or operational metadata to external providers, which is a real privacy/security concern even if it does not directly enable code execution.

Vague Triggers

Medium
Confidence
77% confidence
Finding
Several triggers such as generic gas and fee phrases are broad enough to activate during ordinary crypto discussion rather than a deliberate request to run the skill. Overbroad invocation surfaces can cause unintended network activity, external data disclosure, or tool execution without clear user intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation advertises transaction tracking, mempool inspection, simulation, and third-party API usage but does not prominently warn users that their addresses, transaction hashes, pool addresses, and other query data may be sent to external services. In a financial context, this can expose sensitive trading intent or wallet activity and undermines informed consent.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill sends user-derived transaction context to third-party services such as CoinGecko and, elsewhere, Tenderly/Etherscan without clear call-site consent or warning. In a blockchain-analysis skill, addresses, transaction hashes, destination addresses, and values can still be sensitive metadata that reveal user activity, strategy, or holdings to external services.

External Transmission

Medium
Category
Data Exfiltration
Content
"Content-Type": "application/json",
    }
    try:
        r = requests.post(
            "https://api.tenderly.co/api/v1/simulate",
            json=payload,
            headers=headers,
Confidence
88% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
"Content-Type": "application/json",
    }
    try:
        r = requests.post(
            "https://api.tenderly.co/api/v1/simulate",
            json=payload,
            headers=headers,
Confidence
88% confidence
Finding
requests.post( "https://api.tenderly.co/api/v1/simulate", json=

External Transmission

Medium
Category
Data Exfiltration
Content
}
    try:
        r = requests.post(
            "https://api.tenderly.co/api/v1/simulate",
            json=payload,
            headers=headers,
            timeout=15,
Confidence
88% confidence
Finding
https://api.tenderly.co/

VirusTotal

66/66 vendors flagged this skill as clean.
