ClawHub

Zeko

Security checks across malware telemetry and agentic risk

Overview

This Zeko skill appears purpose-built for blockchain automation, but it gives agents transaction-capable private-key workflows without enough safety boundaries.

Install only if you are comfortable with an agent seeing or using Zeko/Mina signing credentials. Use testnet or low-value dedicated keys, avoid placing secrets in prompts or shell history, verify endpoint, network, recipient, and amount before every transaction-like action, and require explicit approval before any bridge, faucet, signing, or broadcast command runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest declares sensitive environment variables including MINA_PRIVATE_KEY and GITHUB_TOKEN without nearby guidance on safe handling, least privilege, redaction, or restrictions on logging and transmission. In an agent skill, this increases the risk that downstream steps, commands, or debugging output could expose secrets to logs, external services, or user-visible responses.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file explicitly instructs users and agents to supply sensitive credentials through environment variables (`MINA_PRIVATE_KEY`, `GITHUB_TOKEN`) but provides no warning about secret handling, logging, shell history, process inspection, or reuse in unattended automation. In an agent-oriented, terminal-driven skill, this omission is materially risky because users may paste production-like secrets into insecure environments or expose them via command traces and telemetry.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples are executable commands that initiate real bridge transfers and faucet claims, yet they lack any warning that they change blockchain state, may consume funds, may be long-running, and should only be run intentionally on the intended network. Because this skill is designed for unattended agent automation, users may copy or trigger these commands blindly, causing unintended transfers, claims, or repeated operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example shows a directly runnable `curl` mutation that broadcasts a signed payment to a public endpoint, but it does not clearly warn that using a valid signature will submit a real transaction. In an agent skill intended for terminal-driven workflows, this increases the chance a user or downstream agent copies the command into a live environment and unintentionally moves funds.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal