Kelp Forest

Security checks across malware telemetry and agentic risk

Overview

This DeFi automation skill is aligned with yield farming, but it asks users to sign live mainnet transactions with raw private keys and broad asset approvals without strong guardrails.

Install only if you understand these are real blockchain transactions. Use a dedicated low-balance wallet, verify every contract address independently, avoid unlimited approvals, revoke allowances after use, and test with small amounts before staking or migrating valuable tokens or LP NFTs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly instructs users to supply a wallet private key via an environment variable and run code that signs live blockchain transactions, but it does not prominently warn that the key grants full control over funds. In a crypto/agent skill, this is especially dangerous because users may paste a hot wallet or main wallet key into a local script without understanding that compromise, logging, shell history exposure, or misuse would allow irreversible theft of assets.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill provides ready-to-run approve, deposit, transfer, unstake, and harvest commands that trigger real on-chain state changes and can move or lock assets, yet it does not clearly foreground that these actions are irreversible and execute against mainnet contracts. This context increases risk because the commands include broad token approval and NFT transfer/staking flows, so a user who copies them blindly may unintentionally grant excessive spending rights or transfer valuable assets to the wrong contract.

VirusTotal

66/66 vendors flagged this skill as clean.
