GizmoLab Tools

Security checks across malware telemetry and agentic risk

Overview

This skill is a browser-only guide to GizmoLab blockchain tools, but it can steer an agent into real wallet-connected transactions without strong safety boundaries.

Review before installing if you may use it with a real wallet. Use testnets or disposable wallets where possible, verify the GizmoLab URL, network, contract address, function, token amounts, fees, slippage, and destination, and do not let an agent proceed through wallet approvals or transaction confirmations without your explicit review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The skill description is broad enough to trigger on many generic blockchain-related tasks, including high-risk actions like contract writes, token minting, swaps, and wallet use. Over-broad routing can cause the agent to invoke this skill in contexts where the user did not clearly intend transactional or asset-affecting operations, increasing the chance of unsafe automation.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill provides step-by-step instructions for wallet connection and on-chain actions like token creation, minting, and swaps without prominent warnings that these actions can spend funds, alter assets, or create irreversible blockchain state. In an agent setting, this omission is dangerous because users may be guided into signing transactions without understanding the financial and operational consequences.

VirusTotal

59/59 vendors flagged this skill as clean.
