ClawHub

CryptoWallet - Multi-Chain Blockchain Wallet Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a real crypto wallet tool, but it can sign and broadcast irreversible transactions and handles wallet secrets in command-line arguments without enough confirmation safeguards.

Install only if you are comfortable letting this skill manage real wallet keys and submit blockchain transactions. Use testnets or small amounts first, avoid passing real private keys or wallet passwords directly on the command line, configure trusted RPC endpoints where possible, and independently verify every address, amount, network, token contract, and smart-contract call before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The manifest description uses very broad crypto and wallet-related language, making the skill likely to trigger on a wide range of ordinary user requests involving blockchain, tokens, NFTs, or wallets. In a financial-transfer skill, overbroad invocation is risky because it can cause accidental routing into capabilities that create wallets, import keys, or initiate irreversible transactions.

Missing User Warnings

High
Confidence
95% confidence
Finding
The documentation prominently explains how to send funds and perform contract writes, but it does not provide an equally prominent warning that these actions are irreversible and can cause permanent financial loss, including loss from malicious contracts or wrong addresses. Because the skill supports direct transfers and DeFi interactions, insufficient warning materially increases the chance of user harm.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends wallet addresses to configured third-party EVM RPC endpoints when querying balances, but the CLI does not warn users that their addresses and usage metadata will be disclosed externally. In a cryptocurrency wallet skill, wallet addresses are sensitive behavioral data because RPC providers can correlate holdings, timing, networks used, and IP addresses, which creates privacy and tracking risks even if no private keys are exposed.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Solana balance and token-account queries send wallet and mint/account information to remote RPC infrastructure without any CLI disclosure or consent mechanism. In the context of a multi-chain wallet tool, this is more sensitive because users may reasonably expect wallet lookups to be local or privacy-preserving, while RPC providers can aggregate address activity and associate it with network metadata.

Missing User Warnings

High
Confidence
96% confidence
Finding
The code signs and broadcasts a blockchain write transaction immediately after building it, with no interactive confirmation or explicit acknowledgement of the exact target, calldata, value, gas cost, and irreversibility. In a wallet-management skill, this is especially dangerous because user-supplied ABI/function/args can trigger irreversible asset transfers or smart-contract actions with financial consequences.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Accepting the wallet password via a command-line argument exposes sensitive credentials through shell history, process listings, logging, and orchestration tooling. In a cryptocurrency wallet skill, this materially increases risk because password disclosure can enable decryption of the locally stored private key and subsequent theft of funds.

Missing User Warnings

High
Confidence
89% confidence
Finding
The code signs and broadcasts an irreversible blockchain transaction immediately after parsing inputs, with no confirmation, destination summary, or sanity checks. In a wallet-management skill, this is especially dangerous because any UI confusion, prompt injection in upstream tooling, or operator mistake can directly cause unrecoverable loss of funds.

Missing User Warnings

High
Confidence
90% confidence
Finding
The ERC20 path constructs, signs, and submits a token transfer without a final confirmation or clear disclosure that the action is irreversible. Given this skill can interact with arbitrary token contracts and addresses, accidental or manipulated inputs could result in permanent token loss across multiple chains.

Missing User Warnings

High
Confidence
89% confidence
Finding
The Solana transfer flow signs and sends SOL immediately once parameters are provided, without a user-facing warning or final approval gate. Because blockchain transfers are generally irreversible, mistakes in recipient address or amount can permanently transfer assets with no practical recovery path.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code creates/imports wallets and immediately persists encrypted private key material to disk via save_wallet() without any explicit user-facing warning or confirmation that highly sensitive credentials are being stored locally. In a crypto wallet context, local persistence of key material materially increases risk if the host is compromised, backups are mishandled, or users incorrectly assume keys are ephemeral.

Missing User Warnings

High
Confidence
98% confidence
Finding
The import command accepts a raw private key through the --key CLI argument, which can expose the secret in shell history, process listings, audit logs, terminal scrollback, and orchestration tooling. In a cryptocurrency wallet manager, this is especially dangerous because exposure of the private key directly enables irreversible theft of funds and assets across supported chains.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal