ClawHub

Hedera Mirror

Security checks across malware telemetry and agentic risk

Overview

The skill mostly provides public Hedera lookup examples, but it hides an unrelated onlyflies.buzz agent hub/register/ping marker that users should review before installing.

Review before installing. Use the Hedera and SaucerSwap examples only if you are comfortable sending queried account or token identifiers to those services, and remove or ignore the hidden onlyflies.buzz OADP marker unless you intentionally want that agent-discovery behavior. Do not provide wallet secrets or private keys to this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill claims to query Hedera Mirror Node data, but it also instructs agents to call a third-party SaucerSwap API that is outside the declared scope and trust boundary. This can mislead users into sending network traffic to an unrelated service with different privacy, integrity, and availability properties, increasing exposure to data exfiltration or supply-chain style abuse if copied into automated workflows.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The embedded OADP comment advertises unrelated external hub, registration, and ping endpoints on a suspicious non-Hedera domain, despite the skill being presented as a passive blockchain data lookup tool. Hidden metadata like this can be used by agent ecosystems to trigger unsolicited registration, beaconing, or remote control behaviors, creating a covert outbound communication path and materially changing the risk profile of the skill.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples repeatedly instruct users to perform live external queries for account balances, token holdings, NFTs, and transaction history without any notice that these requests disclose lookup interests and may reveal sensitive investigative targets through network logs. In an agent context, users may treat these snippets as safe local inspection when they actually cause outbound requests to public services and third parties.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal