pol-agents-sdk-demo

Security checks across malware telemetry and agentic risk

Overview

Review before installing: this is a coherent Polygon wallet skill, but it handles real wallet authority while relying on unpinned external code, an auto-downloaded tunnel binary, and temporary session files.

Install only after reviewing the external Polygon Agent Kit repository and the cloudflared download source. Use a new low-value wallet, set narrow session spending limits, avoid running the tunnel flow in sensitive environments, keep private keys and approval URLs out of logs or chats, clean up any /tmp session files, and manually review every command that uses --broadcast.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill documents that `wallet create` will automatically download and execute `cloudflared`, then expose a local callback server through a public Cloudflare Quick Tunnel. Auto-downloading and running external networking software materially expands the trust boundary and attack surface beyond a typical wallet toolkit, and users may not expect their local machine to open an inbound internet-accessible callback path.

Missing User Warnings

Medium
Confidence: 93%
Finding
The quickstart instructs users to save an access key and private key needed for wallet operations, but it does not explicitly warn that these are highly sensitive secrets whose disclosure can enable wallet takeover or unauthorized transactions. In an autonomous-agent wallet toolkit, omission of handling guidance materially increases the chance users will paste, store, or share secrets insecurely.

Missing User Warnings

Medium
Confidence: 97%
Finding
The manual callback flow states that the encrypted session blob is automatically saved to /tmp, a location commonly accessible to other local users, processes, backups, or forensic tooling, without warning about cleanup or exposure. Even if encrypted, the blob is still sensitive session material and may be replayable, brute-forced, exfiltrated, or mishandled by users following the quickstart verbatim.

Missing User Warnings

Medium
Confidence: 86%
Finding
The command behavior includes creating a public `*.trycloudflare.com` tunnel and auto-downloading the tunnel binary, but the command reference near `wallet create` does not prominently warn users about this network exposure. That omission increases the risk of uninformed consent, accidental exposure of callback endpoints, and unsafe use in sensitive environments such as developer workstations or CI runners.

VirusTotal

65/65 vendors flagged this skill as clean.
