gate-info-addresstracker

Security checks across malware telemetry and agentic risk

Overview

This is a read-only blockchain address analysis skill, but it may expand some basic address lookups into deeper public transaction and fund-flow tracing.

Install only if you are comfortable with an agent querying Gate-Info for public on-chain address profiles and, in some cases, deeper transaction and fund-flow relationships. For simple checks, explicitly request Basic Mode or no fund-flow tracing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill metadata/description advertises only three MCP tools, but the body additionally instructs use of `info_onchain_get_transaction`. This inconsistency can cause policy bypass or unexpected tool invocation because operators and downstream enforcement may rely on the manifest as the authoritative allowlist while the instructions expand behavior beyond it.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The file explicitly says only listed tools may be called, then later recommends an extra tool outside the manifest/header-declared set. Contradictory instructions around tool boundaries are dangerous because they undermine least privilege and create ambiguity that an agent may resolve in favor of broader access.

Vague Triggers

Medium
Confidence: 79%
Finding
The trigger description is broad enough to capture common phrases like 'check address' or 'who owns this address,' which may activate the skill outside a narrowly intended on-chain analysis context. Overbroad activation increases the chance of misrouting user requests, unnecessary data access, and unneeded tool calls in contexts where a more specific skill or no tool use would be appropriate.

Vague Triggers

Medium
Confidence: 83%
Finding
The deep-tracking routing keywords include vague terms like 'track' and 'fund flow' without stronger scoping requirements. This can cause the agent to enter a more invasive analysis path, including additional transaction-history and tracing tool calls, based on ambiguous user language.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly supports transaction history and fund-flow tracing but does not require a user-facing notice or consent step before performing privacy-sensitive blockchain analysis. Even though blockchain data is public, aggregating and tracing it can meaningfully increase surveillance capability and create compliance, privacy, and user-expectation risks.

Missing User Warnings

High
Confidence: 96%
Finding
The auto-upgrade behavior instructs the agent to perform deeper transaction and fund-flow analysis even when the user only asked for basic address identification. This expands the scope of analysis without explicit authorization and increases the risk of unwanted profiling, deanonymization, and overcollection of sensitive financial intelligence.

VirusTotal

63/63 vendors flagged this skill as clean.
