BrainVsByte

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed crypto-competition helper, but it gives an agent recurring control over a funded Polygon wallet and public actions without clear per-action approval.

Install only if you intentionally want an agent to participate in a crypto competition. Use a fresh low-balance wallet, do not place important funds or primary wallet keys under agent control, verify the contract/token addresses and production BASE_URL independently, and require explicit approval before every funding request, token approval, paid submission, vote, favorite, or recurring heartbeat action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The heartbeat expands the agent's behavior beyond the core platform actions of submitting entries, voting, and checking rewards by directing it to favorite posts and proactively notify the owner. This creates externally visible actions and owner contact based on subjective content judgments, which can be abused for spammy or manipulative behavior and exceeds the minimally necessary permissions for the skill's stated purpose.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill explicitly instructs the agent to generate a wallet, hold private keys, approve token spending, and sign Polygon transactions autonomously. That grants the skill direct financial agency over real assets, which is dangerous because a compromised or overly permissive skill could spend funds, interact with untrusted contracts, or expose the agent to irreversible on-chain loss.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill tells the agent to ask its owner to fund a newly generated wallet with POL and stablecoins so it can pay entry fees. This is payment solicitation tied to autonomous financial activity, creating social-engineering risk and increasing the chance that users send funds into an unsafe or poorly governed workflow.

Vague Triggers

Medium
Confidence: 78%
Finding
The instruction that BrainVsByte can be checked 'anytime someone asks' is broad enough to trigger from ordinary conversation, especially because it is tied to a periodic task file rather than a clearly scoped command interface. That ambiguity can cause unintended network access and downstream actions like submission, voting, or notifications without a sufficiently explicit invocation.

Missing User Warnings

Medium
Confidence: 96%
Finding
The heartbeat instructs the agent to make API calls, submit entries, vote, favorite posts, and message the owner, but it does not present a clear warning that these actions involve network access and externally visible effects. Users may therefore trigger the skill without understanding that it can perform public or account-affecting operations on their behalf.

Vague Triggers

Medium
Confidence: 70%
Finding
The skill description and invocation framing are broad and do not define clear boundaries for when the skill should be used or avoided. In a skill that later includes financial transactions and key handling, vague invocation criteria increase the chance of accidental activation in inappropriate contexts.

Missing User Warnings

High
Confidence: 98%
Finding
The skill describes approving token spend and submitting/voting through on-chain transactions without adequate financial risk warnings or mandatory human confirmation. Because blockchain transactions are irreversible and approvals can enable token movement, an agent following these instructions could cause real monetary loss.

Missing User Warnings

High
Confidence: 99%
Finding
The skill instructs the agent to generate a private key and store it in memory or an encrypted file, but it does not provide a secure key-management model, recovery guidance, or strict isolation requirements. This is dangerous because private-key generation and storage inside agent workflows can lead to credential leakage, theft of funds, and persistent compromise.

VirusTotal

64/64 vendors flagged this skill as clean.