fxUSD

Security checks across malware telemetry and agentic risk

Overview

This DeFi skill is coherent and not clearly malicious, but it needs Review because it prepares executable wallet transactions using third-party data and some high-impact flows lack strong execution safeguards.

Install only if you are comfortable reviewing DeFi transaction details before signing. Verify chain, token, spender, recipient, amount, calldata target, and any slippage/min-output assumptions, especially Hydrex actions with zero minimum output fields and any Morpho borrow or collateral-management transaction. Use Bankr execution only after explicit human approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly performs network access to multiple third-party services and blockchain RPC endpoints, but no explicit permissions are declared in the skill metadata. This creates a governance and transparency gap: operators may approve or run the skill without realizing it can transmit data externally and influence wallet execution planning based on untrusted remote responses.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The documentation expands the operational scope from simple Morpho supply/withdraw guidance into active debt-management actions such as repay, add-collateral, and borrow-related planning. In a transaction-emitting agent skill, this matters because broader documented capabilities can cause downstream orchestration or users to treat higher-risk debt workflows as supported and safe, increasing the chance of unsafe financial actions beyond the declared scope.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The file states that borrow is planning-only, but elsewhere presents repay and add-collateral as execution-ready transaction flows without equally prominent restrictions. That inconsistency can mislead an agent or operator into treating debt-position management as low-risk or fully approved, even though these actions materially affect liquidation exposure and wallet state.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script constructs fully formed approval and protocol-interaction transactions for supply, withdraw, repay, add-collateral, and borrow flows and packages them as Bankr-ready execution steps. Although this file does not itself broadcast transactions, it materially lowers the barrier to unsafe or unintended asset movement if an upstream agent, UI, or automation layer submits these steps without an explicit user approval gate, especially for high-risk borrow and approval operations.

External Transmission

Medium
Category
Data Exfiltration
Content
- Default operation needs `python3` for local planning scripts and `bankr` when the user wants live wallet execution.
- The `fxSAVE` helper posts to `https://fxsave.up.railway.app` by default. Use `--base-url` only when targeting a different deployment.
- The Hydrex helper queries `https://api.hydrex.fi/strategies` and reads Base state from `https://mainnet.base.org` by default. Use `--rpc-url` to target a different Base RPC endpoint.
- The Morpho helper queries `https://blue-api.morpho.org/graphql` and reads Base state from `https://mainnet.base.org` by default. Use `--rpc-url` to target a different Base RPC endpoint.
- No environment variables are required for the published default workflow.
Confidence
92% confidence
Finding
https://api.hydrex.fi/

VirusTotal

62/62 vendors flagged this skill as clean.
