
Security audit

crypto-treasury-ops

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto treasury skill that can move funds and place trades, so it is high-risk to use, but its sensitive behavior matches its stated purpose.

Install only with a dedicated treasury wallet or limited hot wallet, set strict allowlists and max single/daily limits, keep DRY_RUN_DEFAULT enabled until reviewed, and avoid storing large balances in keys provided to this skill. Review any unlimited token approvals and external route quotes before real execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The README advertises Solana balance checks and Solana-to-EVM bridging even though the manifest description only mentions EVM treasury operations and Hyperliquid trading. In an agent ecosystem, this documentation/manifest mismatch can cause downstream systems or operators to authorize capabilities they did not intend, expanding the effective attack surface and enabling unsafe invocation of undocumented cross-chain actions.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
This file implements Solana private-key parsing, transaction signing, and RPC confirmation even though the skill metadata describes only EVM treasury operations and Hyperliquid trading. That scope mismatch is dangerous because it silently expands the agent's authority to a different blockchain, increasing the chance that a caller or downstream orchestration layer can trigger unintended Solana signing flows with treasury credentials.

Missing User Warnings

Medium
Confidence: 90%
Finding
This service directly executes irreversible fund-moving actions across chains and then deposits to Hyperliquid without any explicit approval gate in this file beyond programmatic prechecks. In an agent skill context, that means any upstream prompt, tool invocation, or orchestration mistake can trigger real asset movement without a final human confirmation step, increasing the risk of unintended treasury loss.

VirusTotal

64/64 vendors flagged this skill as clean.
