ClawHub

@blockchain-forever/aelf-skills

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate aelf skill hub, but it deserves review because it can download and install other blockchain skills and routes users toward sensitive wallet, trading, and governance actions without strong built-in warnings or confirmations.

Install only if you trust the publisher, the included catalog, and the referenced npm/GitHub packages. Prefer bootstrapping one skill at a time with --only, use --skip-install until you review the downloaded skill, and require explicit confirmation before any wallet backup/delete, transfer, approval, swap, liquidity, marketplace, contract-send, or governance action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The scenario explicitly instructs the agent to execute write operations such as token transfers and swaps, but it does not require an explicit user-facing warning or confirmation that these are irreversible on-chain actions. In an AI execution playbook for wallet and DEX skills, that omission increases the risk of accidental fund movement, especially when routing and pre-checks are automated and the user may not realize the step crosses from read-only behavior into state-changing execution.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This catalog advertises wallet backup, delete, transfer, and contract execution capabilities without any user-facing disclosure that these actions are sensitive, may expose secrets, or can irreversibly move or destroy access to assets. In a skill-discovery/install hub, omission of such warnings increases the chance that downstream agents or users invoke dangerous wallet operations without informed consent or extra confirmation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manifest describes registration, authentication, guardian/account queries, approvals, transfers, and keystore workflows but does not disclose privacy implications, credential handling, or asset-moving side effects. Because this file is a central catalog for routing and onboarding skills, understated descriptions can cause high-risk wallet functions to be treated like ordinary informational tools.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises swap, add/remove liquidity, and approval operations without warning about slippage, loss, approvals, fees, or irreversible financial transactions. In the context of an agent skill hub, this is dangerous because the catalog can normalize high-risk trading actions as routine capabilities and encourage automated invocation without sufficient user understanding.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The manifest lists buying, token creation/issuance, NFT listing, offers, and trading with no warning that these are consequential asset operations that may be irreversible or financially harmful if misused. Since this file is used for discovery and setup, the lack of warnings makes it easier for agents or users to underestimate the sensitivity of market and issuance functions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Governance, BP election, proposal, and resource-token trading operations can materially affect funds, voting power, and protocol state, yet the manifest presents them without warnings about consequential write effects. The skill context raises risk because this is a hub manifest that may route users to impactful governance actions without clearly signaling their significance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal