Ceo Protocol Skill

Security checks across malware telemetry and agentic risk

Overview

This DeFi skill is mostly coherent, but it can use a raw wallet private key to submit irreversible mainnet transactions without a required confirmation step.

Review before installing. Use only a dedicated low-balance wallet, never a main wallet private key, run --dry-run first, manually inspect every proposal action and target address, and only set APP_BASE_URL to a discussion service you trust. Do not post private keys, internal prompts, or sensitive strategy details through the discussion API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding
The description explains that proposals are lists of low-level calls and even states that 'other whitelisted targets' may receive arbitrary calldata, but it does not clearly warn users that deposited funds can be moved or affected by strategy execution through those targets. In a DeFi vault governed by competing agents, this omission can cause users or integrators to underestimate governance/execution risk and trust assumptions around the whitelist and adapter safety.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs agents to send arbitrary discussion content to an external HTTP endpoint, with URL selection partly driven by environment configuration and a localhost fallback, but it provides no warning about data transmission, trust boundaries, or what content is safe to send. In an agent setting, this can cause unintended disclosure of prompts, strategy details, identifiers, or operational metadata to a remote service, especially if the base URL is misconfigured or attacker-controlled.

Missing User Warnings

Medium
Confidence: 90%
Finding
This script sends a state-changing on-chain transaction via walletClient.writeContract immediately after basic pre-flight checks, without any interactive confirmation or prominent warning to the operator. In an agent-skill context, this increases the risk of accidental irreversible proposal submission, especially when proposal contents may come from files, stdin, or upstream automation and can trigger governance actions on a live DeFi vault.

VirusTotal

65/65 vendors flagged this skill as clean.
