ClawHub

GMGN Skill Cooking

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about launching real crypto tokens, but it gives the agent high-impact credential handling and persistent financial settings that users should review before installing.

Install only if you intend to let an agent help perform real, irreversible token launches. Review the gmgn-cli package and GMGN site yourself, keep the private key and API key out of chat where possible, consider configuring credentials manually, delete any temporary key material, and avoid saving advanced launch preferences unless you want them reused later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to inspect local network interfaces and make an external request to an IPv6 diagnostic endpoint. That behavior is outside the core purpose of launching tokens or querying launchpad stats and unnecessarily expands system and network visibility, exposing local environment details and externalizing metadata such as IP configuration.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The first-time setup flow tells the agent to generate a private key, direct the user to an external website, and persist credential material to disk. This materially exceeds the stated execution/statistics purpose and creates a high-risk credential-handling path where the agent brokers secrets, writes long-lived authentication data, and may expose users to phishing or unsafe key management.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to remember advanced launch settings for future launches, introducing persistent state unrelated to a single token-launch transaction. Persisting financial preferences across sessions can create privacy, consent, and mis-execution risks if stale settings are silently reused in later irreversible blockchain actions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases include broad colloquial terms like creating or 'cooking' a coin, which can overlap with casual conversation and increase the chance of unintended skill invocation. In this context, mistaken activation is especially risky because the skill can lead to irreversible financial transactions once enough follow-on prompts are satisfied.

Ssd 3

Medium
Confidence
94% confidence
Finding
Telling the agent to store future launch preferences in memory creates a data retention issue for potentially sensitive financial behavior and routing preferences. Because these preferences may include fee-sharing and execution modes, retention can expose user strategy information and increase the chance of unauthorized or accidental reuse later.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal