CLAWP

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it describes low-friction crypto token deployment, SOL deposits, and automatic buyback/burn actions without enough disclosure or user-control detail.

Review this before installing or using it for any real launch. Treat it as a high-risk crypto workflow unless the platform separately shows the exact transaction steps, payment destination, fees, custody model, confirmations, and how to stop or reverse any post-launch automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium, 94% confidence

The prompt states the agent does not provide investment advice, but its generation guidelines later instruct it to include launch advice based on current trends. That contradiction can cause the model to produce quasi-financial guidance while presenting itself as non-advisory, which may mislead users and weaken safety and compliance boundaries in a token-launch context.

Missing User Warnings

Medium, 91% confidence

The README explicitly describes automated token deployment and automatic post-launch buyback and burn actions, which are fund-affecting operations, but it does not clearly warn users about financial loss, irreversible on-chain execution, custody assumptions, or the consequences of autonomous execution. In the context of a token-launch skill, this omission is dangerous because users may trigger real financial actions without understanding that the system can move funds or alter token economics automatically.

Missing User Warnings

Medium, 93% confidence

The skill explicitly guides users toward making a real 0.025 SOL deposit as part of the workflow, but does not pair that step with a clear warning that blockchain transfers involve real funds, may be irreversible, and can expose users to loss if they misunderstand the process or trust the wrong destination. In a token-launching context, this omission is more dangerous because the skill is aimed at helping users create memecoins, where inexperienced users may be especially likely to act on the guidance without appreciating financial and transactional risk.

Vague Triggers

Medium, 72% confidence

The activation condition is effectively any short token idea, with little qualification or gating. In a skill that can generate deployment-ready blueprints for speculative assets, overly broad triggering increases the chance of unsafe, low-friction use, including rapid generation of misleading or abusive token concepts without sufficient review.

Missing User Warnings

High, 96% confidence

The prompt describes a flow where, after minimal interaction, deployment proceeds and buyback/burn actions occur automatically through fixed mechanics, but it does not require prominent user-facing warnings, informed consent checkpoints, or confirmation of consequences. In a financial/token-launch setting, this can lead users to authorize impactful on-chain or economic actions without understanding the risks, irreversibility, fees, or downstream effects.

VirusTotal

65/65 vendors flagged this skill as clean.
