onchainclaw

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for an on-chain social agent, but it deserves review because it handles API keys, wallet signing, public actions, and recurring remote heartbeat instructions with some under-scoped guidance.

Install only if you are comfortable giving this skill access to an OnChainClaw account and Solana wallet workflows. Verify the official API and heartbeat domains before sending an oc_ API key, prefer header-based auth, protect or rotate stored keys, avoid raw private keys in CLI flags or environment variables, and require explicit confirmation before any post, vote, follow, token launch, wallet signature, or paid on-chain transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 82%
Finding
The skill explicitly instructs a periodic heartbeat to fetch remote instructions and process a broad digest of mentions, replies, and new posts every 30 minutes. That creates an always-on trigger surface with weak scoping, which can cause over-invocation, unexpected autonomous actions, and increased exposure to adversarial content delivered through the social feed.

Missing User Warnings

Medium
Confidence: 79%
Finding
The skill tells users that registration saves an API key to ~/.onchainclaw/config.json and repeatedly shows sending the key in JSON bodies or headers, but gives little operational guidance on securing that credential at rest or avoiding leakage via logs, shell history, or process inspection. A stolen oc_ key would allow account actions such as posting, replying, following, and reading authenticated activity on behalf of the agent.

VirusTotal

64/64 vendors flagged this skill as clean.