Chainstream Defi

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed DeFi transaction assistant with real wallet authority, but it requires explicit user review and confirmation before signing or broadcasting.

Install only if you want an agent to help with real DeFi transactions. Use a dedicated low-balance wallet, avoid importing a main private key, verify the external CLI/MCP/Tempo tooling, and approve signing, broadcasting, token creation, swaps, bridges, or paid plans only after reviewing chain, token, amount, recipient, fees, slippage, and route.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence: 82%
Finding
The phrase 'any on-chain transaction' is overly broad in a high-risk financial execution skill that can perform irreversible actions like swaps, bridging, token creation, signing, and broadcasting. Ambiguous routing increases the chance that ordinary requests are escalated into an execution-capable workflow, which is especially dangerous in this context because the skill has access to real transaction paths and destructive operations.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly positions the skill for executing swaps, bridges, launchpad actions, and transaction broadcasts, but the nearby documentation does not warn that these operations move real funds and are irreversible. In a financial-execution skill, omission of that warning can normalize high-risk actions and increase the chance an agent or user triggers destructive behavior without appreciating the consequences.

Missing User Warnings

Medium
Confidence: 90%
Finding
The usage examples include transaction-capable prompts such as swapping assets, yet they are presented alongside harmless read-only queries without an adjacent safety distinction. That increases the risk that users or downstream agents treat execution prompts as routine informational requests, which is particularly dangerous because the skill metadata says transactions are real and irreversible.

Missing User Warnings

Medium
Confidence: 88%
Finding
The authentication section instructs users to create a wallet and import raw private keys, but it does not explicitly warn that private keys are highly sensitive secrets that must never be exposed, logged, pasted into untrusted tools, or shared with an agent. In a skill that can execute on-chain transactions, weak credential-handling guidance materially raises the chance of wallet compromise and asset theft.

Missing User Warnings

Medium
Confidence: 94%
Finding
This reference documents a real on-chain token creation flow but does not warn that creation is financially consequential, potentially fee-bearing, and irreversible once submitted. In the context of a financial execution skill that can drive CLI/MCP actions, missing safety language increases the chance that users or downstream agents initiate token launches without understanding cost, permanence, or reputational/legal consequences.

Missing User Warnings

Medium
Confidence: 88%
Finding
This reference explicitly documents operational support for both remote signing and raw private-key signing, but does not include strong safety guidance about secret handling, trust boundaries, transaction verification, or the risks of exposing wallet credentials during irreversible on-chain actions. In the context of a financial execution skill that signs and broadcasts real transactions, that omission increases the chance that an agent or user will handle private keys unsafely or sign attacker-influenced transactions without adequate review.

Missing User Warnings

Medium
Confidence: 98%
Finding
The documentation instructs users to execute a remote install script directly via `curl ... | bash`, which bypasses review of the downloaded content and gives the remote server immediate code execution on the host. In an agent skill focused on financial and wallet operations, this is especially dangerous because the same environment may hold wallet credentials, API keys, or transaction capability.

VirusTotal

64/64 vendors flagged this skill as clean.
