ClawHub

gate-info-addresstracker

Security checks across malware telemetry and agentic risk

Overview

This skill performs disclosed, read-only blockchain address lookup and tracing, with no evidence of hidden code, credential use, trading, or destructive behavior.

Install this if you are comfortable sending queried wallet addresses and inferred chain details to the Gate-Info MCP provider. When you only want a basic lookup, say that explicitly because the skill may deepen analysis for labeled, high-balance, or risk-flagged addresses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The scenario explicitly instructs the skill to escalate from a basic identity lookup into transaction-history and fund-flow tracing based on internal heuristics such as labels, balance, or risk flags, even when the user did not request deeper surveillance. In an on-chain analysis context, this broadens collection and disclosure beyond the user’s stated scope, increasing privacy, overreach, and misuse risk and making the agent perform more sensitive analysis than necessary.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The routing/trigger guidance is broad enough that the skill may be invoked for loosely related address, ownership, or tracking requests, including cases better handled by other more specialized skills. In an agentic system, over-broad invocation can cause unnecessary on-chain lookups, misrouting, privacy-sensitive analysis of user-supplied addresses, and reduced reliability of downstream decisions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough that ordinary user requests may invoke this skill unexpectedly, causing on-chain address analysis tools to run when the user did not clearly intend that workflow. In an agent environment, overbroad activation expands the attack surface for tool use, increases misrouting risk, and may expose sensitive analysis behavior unnecessarily.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The deep-tracking routing keywords are underspecified and can match vague user language, which may escalate from basic profile lookup to more invasive transaction-history and fund-flow tracing. That creates unnecessary tool usage and potentially reveals more sensitive behavioral information than the user's request justified.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger examples are broad enough that ordinary requests like "track this address" or "check this address" can invoke a skill capable of richer blockchain profiling and tracing without strong scope constraints. This increases the chance of over-triggering the skill on ambiguous requests and performing more invasive analysis than the user intended, especially when combined with the auto-upgrade logic elsewhere in the file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal