Yield Shark

Security checks across malware telemetry and agentic risk

Overview

The yield-monitoring code is mostly purpose-aligned, but the package also includes unrelated promotion and publishing instructions that could lead users to post publicly or expose ClawHub account tokens.

Install only if you want the local yield-query scripts. Do not follow the bundled promotion or ClawHub publishing/token instructions unless you are intentionally maintaining this package from your own account, and do not treat displayed APYs or author wallet addresses as financial advice or deposit destinations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Description-Behavior Mismatch

High (98% confidence)
Finding
This file documents social-media promotion, product listing, and manual posting instructions rather than the advertised DeFi yield-monitoring function. That mismatch is dangerous because it indicates the skill package contains undisclosed marketing/engagement behavior that could be used to drive spam, manipulate user accounts, or conceal the real operational scope of the skill.

Context-Inappropriate Capability

High (97% confidence)
Finding
The document includes channel-specific posting templates, execution plans, and instructions to log into social accounts and publish content, which are unrelated to yield monitoring. In an agent skill context, unjustified marketing capabilities expand the attack surface into unsolicited outreach and potential abuse of user identities or third-party platforms.

Description-Behavior Mismatch

Medium (94% confidence)
Finding
This file documents completed Telegram promotion activity inside a skill whose stated purpose is DeFi yield monitoring, indicating scope creep into marketing operations. Even though the markdown itself is not executable, bundling operational promotion artifacts with the skill can normalize unsolicited outreach, misrepresent the skill’s function, and support spam or deceptive distribution workflows.

Description-Behavior Mismatch

Medium (93% confidence)
Finding
Prepared cross-platform social-media promotion plans are unrelated to monitoring stablecoin APYs and suggest the skill package is being used to facilitate coordinated promotion rather than only analytics. In the context of an agent ecosystem, this can enable misuse for spam, stealth marketing, or social-engineering distribution of the skill under the guise of a utility tool.

Context-Inappropriate Capability

Medium (96% confidence)
Finding
The inclusion of ready-to-post ad copy and step-by-step campaign guidance materially lowers the barrier to mass promotion and can be directly repurposed for spam or manipulative marketing. This is more dangerous in a skill package because it gives an agent or operator reusable content for external posting that is not required for APY monitoring and may drive deceptive or unauthorized outreach.

Context-Inappropriate Capability

High (98% confidence)
Finding
This publishing guide embeds a specific email account and instructs the reader to log in, generate a CLI token, and publish the skill using that account. That behavior is unrelated to the skill’s stated DeFi yield-monitoring purpose and attempts to induce credential use and delegated account actions, creating a clear risk of account compromise, unauthorized publishing, and abuse of the victim’s identity or billing context.

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The publishing guide includes cryptocurrency wallet addresses that are not necessary for building or publishing a yield-monitoring skill. Embedding payment collection details in operational documentation creates a risk of unauthorized fund diversion, social engineering, or monetization behavior unrelated to the stated skill purpose.

Context-Inappropriate Capability

Low (84% confidence)
Finding
The document contains account-specific publishing instructions, including a personal email address and login workflow tied to a specific identity. This exposes operational details that could enable account targeting, phishing, or accidental publication under the wrong account, even if no secret token is directly disclosed.

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The script presents itself as a DeFi yield comparison tool but relies entirely on hard-coded mock data for only five platforms, which conflicts with the stated real-time monitoring across 50+ platforms. In a financial decision-making context, stale or fabricated yield, TVL, audit, and insurance data can mislead users into allocating funds based on false assumptions, creating meaningful risk even without code execution or direct fund access.

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The optimization script injects sponsorship wallet promotion into output that users would reasonably trust as neutral yield analysis. In a financial tool, mixing recommendations with donation/payment addresses creates social-engineering risk because users may interpret the displayed addresses as endorsed destinations or part of the workflow.

Context-Inappropriate Capability

Medium (97% confidence)
Finding
Hardcoded wallet addresses are embedded in the script and later surfaced to the user despite being unrelated to yield monitoring. In a DeFi context this is especially risky because users are accustomed to copying wallet addresses, so exposing author-controlled addresses inside a financial workflow can facilitate mistaken transfers or intentional solicitation.

Missing User Warnings

Medium (94% confidence)
Finding
This promotional material markets a DeFi yield-monitoring tool with concrete APY figures, risk ratings, and pricing, but does not include any disclaimer that the information is informational only, may be inaccurate or stale, and should not be treated as financial advice. In the context of stablecoin yield selection, users may reasonably rely on these claims to move funds into risky protocols, creating consumer-harm, compliance, and misrepresentation risk.

Missing User Warnings

Medium (90% confidence)
Finding
The promotional copy advertises stablecoin yields, pricing, and example returns without clear risk disclosures, warnings that APYs are variable, or caution that DeFi products can lose value. For a financial skill, this can mislead users into acting on stale or incomplete information and creates compliance, consumer-protection, and trust risks.

Missing User Warnings

Medium (94% confidence)
Finding
The guide normalizes generating and pasting a CLI token directly into shell commands without any warning that the token is sensitive or should be protected from shell history, logs, screenshots, or reuse. Even if not overtly malicious on its face, this encourages unsafe secret handling practices that can lead to token leakage and subsequent unauthorized access.

Ssd 3

High (99% confidence)
Finding
The document directs the reader to obtain and use a CLI token tied to a named account, which is effectively a request to operate under another party’s authentication context. In the context of a public skill, this is highly dangerous because it can enable unauthorized account actions, conceal attribution, and trick users into surrendering or misusing privileged access for purposes unrelated to consuming the skill.

Ssd 3

Medium (94% confidence)
Finding
The guide exposes a real personal email address and cryptocurrency payment addresses in plain text, which leaks sensitive operational and financial identifiers. This increases the risk of phishing, impersonation, spam, targeting of the publisher, and misdirected payments, especially in a DeFi-themed skill where users may be primed to trust wallet details.

VirusTotal

64/64 vendors flagged this skill as clean.
