Alchemy Web3

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a legitimate Alchemy blockchain data tool, but its docs and credential handling need review before agent use.

Install only if you intend to use it for Alchemy/Web3 data access and can protect the ALCHEMY_API_KEY. Keep chain names to known Alchemy identifiers, treat wallet-monitoring outputs as sensitive, and do not connect the examples to trading, bidding, wallet signing, or transaction broadcasting without explicit human confirmation, simulation, and spending limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium, 90% confidence
Finding
The documentation explicitly tells agents to execute transactions once a gas-price condition is met, which expands the skill from passive blockchain data retrieval into action-taking financial behavior. In an agent setting, this can normalize autonomous on-chain execution without requiring strong confirmation, policy checks, or transaction guardrails.

Description-Behavior Mismatch

Medium, 92% confidence
Finding
The example suggests an agent may 'auto-bid' in response to detected NFT mints, which is materially beyond read-only monitoring and introduces financial risk. In a generic agent ecosystem, users may treat this as endorsed behavior and wire it into unattended execution, creating loss or abuse scenarios.

Description-Behavior Mismatch

Medium, 88% confidence
Finding
The integration diagram culminates in 'alert / trade / report', which frames trading as a normal downstream action of this skill despite the skill being described as a Web3 data/API integration. This broadens expected agent behavior toward autonomous market actions and can lead to unsafe deployment assumptions.

Missing User Warnings

Low, 73% confidence
Finding
The instructions tell users to place a live API key into environment files but provide no guidance about secret sensitivity, file permissions, rotation, or avoiding accidental logging/commit. While environment variables are common, omitting basic credential-handling warnings increases the risk of inadvertent credential exposure through shell history, shared machines, or checked-in dotfiles.

Missing User Warnings

Medium, 83% confidence
Finding
The workflow examples encourage automation against blockchain and external Alchemy endpoints, and they store wallet-related outputs locally, but provide no warning about API-key handling, privacy exposure, or operational security. Users may copy these patterns into production with secrets in environment variables and sensitive wallet-monitoring data written to predictable workspace paths.

Missing User Warnings

High, 95% confidence
Finding
These examples present impactful automated actions such as executing transactions and auto-bidding without warning that blockchain operations are irreversible and financially risky. In agentic contexts, omission of such warnings materially increases the chance of unsafe autonomous behavior and user losses.

Missing User Warnings

Medium, 95% confidence
Finding
The documentation includes `eth_sendRawTransaction`, which submits a signed transaction that can irreversibly change on-chain state and spend funds, but it provides no explicit warning about those consequences. In an agent skill context, exposing a transaction-broadcast capability without clear safety guidance increases the risk that downstream agents or users invoke it as if it were a harmless read-only API call.

VirusTotal

66/66 vendors flagged this skill as clean.
