XMTP CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward XMTP CLI guide, but users should treat wallet keys, message sending, and group permission changes carefully.

Install only if you intend to use XMTP CLI commands. Use dev or ephemeral keys for testing, keep .env out of git and logs, restrict access to wallet and database keys, and double-check recipients before sending messages, creating groups, or changing permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill documentation encourages sending live XMTP content, including transaction-related content, to a target address or group without any caution that these actions affect external recipients or may represent value-bearing or value-signaling operations. In an agent context, this can lead to unintended outbound messaging, spam, or user confusion about financial actions, especially if the agent executes commands against real identities rather than a sandbox.

Vague Triggers

Medium
Confidence: 89%
Finding:
The rule line uses a wide set of generic trigger terms like "info", "address", "inbox", and "resolve", which can match many unrelated user requests and cause the agent to invoke this skill in the wrong context. Over-broad routing increases the chance of unintended command execution paths, data exposure from diagnostic commands, or incorrect tool selection that bypasses more appropriate safeguards.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The file documents highly sensitive secrets such as `XMTP_WALLET_KEY` and `XMTP_DB_ENCRYPTION_KEY` and instructs users to place them in a `.env` file, but it provides no warning about secret handling, accidental commits, shell history leakage, file permissions, or secret-manager alternatives. In a CLI skill focused on messaging and wallet operations, these values directly protect identity, message access, and wallet control, so normalizing insecure storage without safeguards materially increases the chance of credential exposure.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The documentation instructs users to generate a `.env` file containing a private wallet key and DB encryption key but does not warn that these are highly sensitive secrets. In a CLI/testing context, users may casually commit `.env` files, leave them on shared machines, or reuse real keys, which can lead to wallet compromise, message/data exposure, and unauthorized account actions.

VirusTotal

63/63 vendors flagged this skill as clean.
