Agent Market

Security checks across malware telemetry and agentic risk

Overview

This skill matches its prediction-market purpose, but it gives an agent direct wallet-signing authority for many on-chain actions without clear confirmation or safety guardrails.

Install only with a dedicated low-balance Base Sepolia wallet, never a reused primary private key. Require manual review before any trade, approval, liquidity, bond, dispute, reset, emergency withdrawal, claim, finalization, or arbitration call, and verify the RPC endpoint and contract addresses before enabling the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly requires a `WALLET_PRIVATE_KEY` to perform on-chain actions but does not include any warning about the sensitivity of that credential, secure storage expectations, or the consequences of exposing it. In an agent skill context, this is dangerous because users may paste a signing key into an automation environment without understanding that compromise of the key enables full theft of wallet assets and unauthorized transactions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill documents numerous state-changing tools that can spend USDC, post bonds, buy/sell positions, add liquidity, burn tokens, and finalize or arbitrate outcomes, yet it provides no prominent warning that these are irreversible on-chain transactions with real fund-loss risk. In an autonomous or semi-autonomous agent setting, this omission increases the chance that users invoke destructive actions without understanding slippage, oracle disputes, market resolution risk, liquidity loss, or permanent loss of funds.

Missing User Warnings

Medium
Confidence: 92%
Finding
The `market_emergency_withdraw` function directly submits an on-chain `emergencyWithdraw()` transaction as soon as it is called, with no user-facing confirmation, preview of consequences, or safety gating. In an agent setting, this is risky because LLM misunderstandings, prompt injection, or ambiguous user requests can trigger an irreversible blockchain action that may prematurely exit a position or realize losses.

VirusTotal

66/66 vendors flagged this skill as clean.
