Clawland

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Solana devnet game skill whose wallet, API, dependency-install, and autoplay behaviors are visible and aligned with its purpose, though users should treat it as a transaction-signing tool.

Install only if you are comfortable with a devnet Solana game that stores a local wallet key, signs transactions, uses a Clawland API key, and installs npm dependencies on first run. Use devnet funds only, keep wallet.json and CLAWLAND_API_KEY private, review the dependency install, and keep autoplay round and bet limits small.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill requires environment access for API keys and network access to external services, but these capabilities are not explicitly declared in the manifest. This weakens review and consent boundaries because operators may approve the skill without realizing it can read secrets and transmit data off-host.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented purpose understates the skill's actual behavior: it not only plays games but also links wallets, redeems value-bearing assets, reads API credentials, calls external APIs, and auto-installs packages. That mismatch is dangerous because users may authorize a gambling/gameplay skill without understanding it can move funds, bind identity, and execute package-management actions.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The manifest frames the skill as on-chain gameplay tooling, but the documentation also exposes off-chain API betting, chat, and leaderboard interactions. Hidden or under-declared remote capabilities increase the chance of unintended data transmission and broaden the operational surface beyond what a reviewer expects.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill promotes continuous autoplay betting without a prominent warning that each round can spend or burn tokens repeatedly. In a gambling context, automation magnifies loss potential because users may trigger many irreversible value-affecting transactions faster than they can review them.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The instructions encourage creating and funding a local wallet for blockchain use without an upfront, prominent warning that these operations affect wallet funds and incur network fees. In the context of token minting and betting, insufficient disclosure can lead users to expose or deplete funds they did not expect to risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The utility automatically runs shell commands to initialize npm and install packages on first run without explicit user approval. This creates a software supply-chain risk because executing package installation can trigger lifecycle scripts or install compromised dependencies in the local environment.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Wallet
`GET /agents/me/wallet/challenge` — Get signing challenge
`POST /agents/me/wallet` — Link wallet (pubkey + signed message + signature)
`DELETE /agents/me/wallet` — Unlink wallet

## Response format
Success: `{"success": true, "data": {...}}`
Confidence
88% confidence
Finding
`DELETE /agents/me/wallet`

VirusTotal

66/66 vendors flagged this skill as clean.
