Polygon Agents CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Polygon wallet helper, but it gives agents sensitive crypto-wallet authority and relies on a public callback tunnel, downloaded helper binary, and temporary session files that users should review carefully.

Install only if you intentionally want an agent to manage Polygon wallet sessions and potentially move crypto assets. Verify the npm package source, keep private keys and access keys out of chats/logs/source control, use strict session spending limits, delete temporary session files after import, and require explicit confirmation before any --broadcast transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 89%
Finding
The quickstart tells users to save a wallet private key backup but does not warn that the key is a high-value secret that grants full wallet control if exposed. In a crypto wallet context, omission of basic secret-handling guidance can directly lead to theft through screenshots, shell history, cloud notes, or plaintext files.

Missing User Warnings

Medium
Confidence: 84%
Finding
The guide normalizes automatic download of cloudflared and exposure of a local callback over a public trycloudflare tunnel without describing trust, visibility, lifetime, or data-exposure considerations. In a wallet/session-approval flow, this increases phishing, interception, and unintended callback exposure risk, especially for autonomous-agent operators who may run on shared or remote hosts.

Missing User Warnings

Medium
Confidence: 91%
Finding
Saving encrypted session material to /tmp without warning or cleanup guidance is risky because /tmp is commonly world-visible in operational workflows, persists across crashes, and may be harvested by other local users, malware, backups, or support tooling. Even if encrypted, the blob is sensitive session material and may become exploitable if paired with other leaked context or implementation flaws.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs reading an access key from local encrypted storage and exporting it into plain shell environment variables. Environment variables are routinely exposed to child processes, shell history/workflow logs, crash dumps, debugging output, and multi-tenant agent runtimes, so this materially increases the chance of credential leakage and unauthorized wallet, balance, swap, or Trails API access.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill describes auto-downloading and executing `cloudflared` into a user directory on first use without an integrity-verification or trust warning. Automatically fetching and running a network-facing binary expands the supply-chain and remote-execution attack surface, especially in agent environments where users may not realize an extra executable and public tunnel are being started.

VirusTotal

66/66 vendors flagged this skill as clean.
