ERC-8004 Identity

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Avalanche identity tool, but it uses a raw wallet private key and can immediately spend AVAX on irreversible mainnet transactions without an in-tool confirmation step.

Review carefully before installing. Use a dedicated low-balance wallet, keep PRIVATE_KEY out of commits, logs, screenshots, and shell history, verify the RPC/network and contract addresses, and expect deploy/set commands to spend real AVAX and make persistent public blockchain changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium (93% confidence)
Finding
The help text says `deploy` will only 'Deploy agent identity', but the implementation also deploys additional contracts, sets task prices, updates metadata, and performs multiple irreversible on-chain transactions. This misrepresentation can cause operators to trigger far more spending and state changes than they intended, which is a real security/usability risk for blockchain tooling.

Missing User Warnings

Medium (92% confidence)
Finding
The skill instructs users to place a raw private key in a .env file or export it directly from the macOS keychain, but it provides no explicit warning about credential sensitivity, storage hygiene, shell history exposure, or least-privilege wallet usage. Because this skill is specifically for deploying on-chain identity and contracts, compromise of the private key could lead to direct wallet theft, unauthorized transactions, identity takeover, and persistent on-chain damage.

Missing User Warnings

Medium (95% confidence)
Finding
The `deploy` flow performs identity registration, contract deployment, price configuration, and metadata updates immediately after invocation, with no confirmation prompt, dry-run, or explicit warning about irreversible blockchain transactions and gas costs. In a CLI handling a live private key, this increases the chance of accidental fund expenditure or unintended permanent on-chain changes.

VirusTotal

64/64 vendors flagged this skill as clean.
