Agent Cashflow

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its cashflow-reporting purpose, but it under-discloses wallet-address sharing and includes platform-manipulation advice users should review before installing.

Review before installing. Use ETH tracking only if you are comfortable sending your public wallet address to the listed RPC providers, avoid routing reports to Telegram or memory unless you want that data retained or shared there, and ignore the multi-account self-starring advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documentation states that the skill does not transmit the wallet address to any third party, but the provided code sends the address to public Ethereum RPC endpoints to retrieve the balance. This is a security/privacy issue because users may rely on a false assurance and disclose wallet addresses without understanding that third-party providers can log and correlate them.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The markdown gives an inaccurate privacy warning by claiming wallet data is not transmitted to third parties, despite the documented RPC/API calls that necessarily transmit the wallet address. Misleading privacy claims can cause unsafe user decisions and undermine informed consent around external data exposure.

External Transmission

Medium
Category
Data Exfiltration
Content
import requests

def get_eth_balance(address):
    # The start of this line is cut off in the scanner excerpt; a standard JSON-RPC eth_getBalance request is assumed to complete it.
    payload = {"jsonrpc": "2.0", "method": "eth_getBalance", "params": [address, "latest"], "id": 1}
    # The wallet address is sent to each public RPC provider in turn (third-party transmission).
    for url in ["https://eth.llamarpc.com", "https://rpc.ankr.com/eth"]:
        try:
            r = requests.post(url, json=payload, timeout=8)
            result = r.json().get("result")
            if result:
                return int(result, 16) / 1e18  # hex-encoded wei converted to ETH
        except requests.RequestException:
            continue  # try the next provider
    return None
Confidence
84% confidence
Finding
requests.post(url, json=

VirusTotal

64/64 vendors flagged this skill as clean.
