ClawdVine

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed ClawdVine video-generation and agent-network integration, but it involves wallet signing and paid blockchain actions that users should handle carefully.

Install only if you intend to use ClawdVine with wallet-signed payments or agent identity features. Use a dedicated low-balance wallet, review the exact cost, receiver, chain, prompt, token-launch settings, and margin-fee changes before approving, and do not store your wallet private key in persistent agent memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The manifest presents this as a short-form video generation skill, but the documentation also enables agent registration, persistent identity management, wallet-based authentication, onchain minting, profile updates, and token launch workflows. That scope expansion is security-relevant because an integrating agent may grant the skill broader privileges than expected, exposing signing keys, memory, and identity data to actions unrelated to simple video generation.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The documented token launch and monetization features are unrelated to the stated purpose of generating short-form videos and introduce materially riskier blockchain actions. A user or orchestrator expecting media generation could be led into deploying assets, creating financial liabilities, or exposing signing authority for speculative operations outside the advertised scope.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill explicitly instructs agents to read and persist identifiers from memory, config, and environment variables, expanding from video generation into credential/state handling. That is dangerous because it encourages broad access to persistent state and environment data, which may contain unrelated secrets or sensitive identifiers and can normalize over-collection by the skill.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The script advertises that it checks a $CLAWDVINE token balance, but the hardcoded contract variable is named IMAGINE_TOKEN and is the address actually queried. In a payment- or eligibility-gating workflow, this mismatch can mislead users and downstream agents into making incorrect access-control or payment decisions based on the wrong asset, which is especially concerning in a crypto skill where token identity is security-sensitive.

VirusTotal

66/66 vendors flagged this skill as clean.
