GMGN Skill Swap

Security checks across malware telemetry and agentic risk

Overview

This crypto-trading skill is upfront about making real trades, but it stores powerful trading credentials on disk and relies on an unpinned external CLI for irreversible financial actions.

Review carefully before installing. Use only a dedicated low-value trading wallet, verify gmgn-cli from a trusted source, avoid storing a main wallet or high-value trading key in this setup, delete temporary key files after setup, and manually confirm every wallet, token address, amount, slippage setting, and multi-wallet scope before approving any transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill expands its operational scope beyond the declared swap/order workflow by introducing a separate token-security command and making it mandatory. Scope creep is dangerous in agent skills because it authorizes extra tool/API actions not clearly covered by the manifest, increasing the chance of unintended external calls, unsupported permissions, or hidden behavior paths.

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The IPv6 troubleshooting instructions direct the agent to inspect local network interfaces and query an external IP-check service, which is unrelated to the financial execution purpose. This broadens the skill into host/network reconnaissance and causes unnecessary disclosure of system configuration and public network metadata to external services.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The first-time setup workflow instructs the agent to generate a private key, direct the user to an external website, and persist live trading credentials to disk. In a financial-execution skill, this is highly sensitive because it turns the agent into a credential bootstrapper and secret store, materially increasing the risk of wallet compromise, phishing-style misdirection, and unauthorized future trades.

VirusTotal

65/65 vendors flagged this skill as clean.
