Clawphunks

Security checks across malware telemetry and agentic risk

Overview

This skill is for NFT minting and trading, but it includes high-impact wallet/payment code, remotely fetched executable scripts, and an exposed Coinbase API secret that require review before use.

Review this before installing or enabling it for an agent. Use only a dedicated low-value wallet, set strict spending limits, require explicit human approval before any mint, buy, list, transfer, or rescue action, and do not automatically execute scripts returned from remote endpoints. The publisher should treat the exposed Coinbase API key as compromised and rotate it; avoid relying on this package until that test credential and the wallet-enumeration code are removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Description-Behavior Mismatch

Medium
92% confidence
Finding
The skill adds an action that retrieves remote executable trading and rescue scripts, which materially expands capability beyond simple NFT minting and collection lookup. In an agent context, exposing script retrieval creates a supply-chain and prompt-injection bridge: downstream components may treat the returned content as trusted instructions or code and execute dangerous wallet-affecting operations.

Context-Inappropriate Capability

High
97% confidence
Finding
Fetching and returning complete executable scripts from a remote endpoint is a genuine security issue because the remote content can change at any time and may contain wallet-draining, exfiltration, or destructive logic. In an agent ecosystem, this is especially risky because other tools or users may copy, run, or automatically act on the returned scripts, effectively turning the skill into an unvetted remote code delivery mechanism.

Description-Behavior Mismatch

Medium
93% confidence
Finding
The tool exposes a capability to fetch and return arbitrary remote executable trading, transfer, and rescue scripts from an external endpoint, which materially exceeds the advertised mint-and-trade interface. In an agent setting, returning executable code from a remote service can become a prompt-injection or supply-chain vector if downstream components execute, summarize, or rely on that code without strong trust boundaries.

Context-Inappropriate Capability

Medium
92% confidence
Finding
The skill can retrieve full executable scripts for sensitive asset operations such as transferring and rescuing NFTs, expanding its authority beyond the narrow NFT mint/collection use case. In an LLM-agent context, this broadens the attack surface because a remote endpoint can supply code or instructions that facilitate unauthorized asset movement or social-engineered wallet actions.

Description-Behavior Mismatch

High
96% confidence
Finding
The code behavior does not match the stated purpose of minting and trading a specific NFT collection; instead it configures Coinbase credentials and enumerates wallets. This mismatch is dangerous because users or calling agents may grant trust or permissions based on the manifest description while the skill performs broader account reconnaissance.

Context-Inappropriate Capability

Medium
93% confidence
Finding
The skill enumerates all available Coinbase wallets, which is broader than necessary for interacting with a single NFT collection. Excessive wallet discovery exposes sensitive account metadata and can enable profiling, targeting of valuable wallets, or unintended access patterns beyond the user's reasonable expectations.

Missing User Warnings

Medium
97% confidence
Finding
The skill instructs users or agents to use a wallet private key, pay for minting, and perform Ethereum/Base transactions without prominent warnings that these actions are irreversible and can cause direct financial loss. In this context, the danger is elevated because the skill is explicitly user-invocable, monetized, and tied to speculative NFT trading, so an agent could spend funds or expose valuable assets with insufficient user awareness.

Missing User Warnings

Medium
93% confidence
Finding
The README explicitly states that x402 USDC payments are handled automatically and shows a mint action, but it does not warn that invoking the action will spend real funds or recommend any user confirmation step. In an agent context, this increases the risk of unintended autonomous spending, especially if downstream developers copy the example as-is and expose the action without approval gates.

Missing User Warnings

Medium
95% confidence
Finding
The action retrieves remote executable scripts without any warning that the response may contain code or operational instructions affecting NFT custody and wallet actions. In this context, lack of disclosure makes the risk worse because users or agent pipelines may mistake the result for safe data, increasing the chance of executing malicious or unsafe scripts fetched from an external server.

Missing User Warnings

Medium
92% confidence
Finding
The tool returns copy-pastable code that instructs users to generate, store, and use a wallet private key in a local .env file, then immediately uses that key to authorize an on-chain payment. Although this server does not directly exfiltrate the key, distributing executable financial code that handles raw private keys without strong safety guidance or safer alternatives materially increases the risk of credential loss and unauthorized fund transfers.

Missing User Warnings

Medium
96% confidence
Finding
The trading tool provides executable code that uses a sensitive wallet private key to mint, deposit, and list assets across chains, causing irreversible blockchain transactions and potential financial loss if run blindly. The skill context makes this more dangerous because the advertised purpose is NFT minting/trading, so users are being actively prompted toward high-risk financial actions rather than merely viewing educational examples.

Vague Triggers

Medium
88% confidence
Finding
The skill advertises broad, executable trading and minting capabilities for agents without clear trigger constraints, approval requirements, or guardrails on when those actions are allowed. In an agent context, this increases the chance of autonomous blockchain actions being initiated from vague prompts or indirect instructions, leading to unintended asset purchases, listings, transfers, or other on-chain operations.

Missing User Warnings

Medium
95% confidence
Finding
The minting instructions describe creating a wallet and calling a paid mint endpoint, but do not clearly warn that this initiates a real blockchain payment and creates a new digital asset. In an agent-integrated workflow, omission of explicit cost, irreversibility, and consent warnings can cause users or autonomous agents to spend funds and mint NFTs unintentionally.

Missing User Warnings

Medium
95% confidence
Finding
The skill explicitly guides the agent to mint NFTs for a paid fee and perform on-chain trading actions, but it does not present a clear, prominent warning that these actions spend user funds and may be irreversible once submitted. Because the skill also requires a wallet private key and includes transaction examples, an agent could proceed with real financial operations without sufficiently explicit user awareness or confirmation.

Missing User Warnings

Medium
90% confidence
Finding
This function directly sends an on-chain transaction using the server-controlled signing key as soon as it is called, with no approval, policy check, or explicit confirmation step in this code path. In the context of an NFT mint/trade skill, that is more dangerous because any upstream misuse, prompt injection, or insufficient authorization could cause irreversible blockchain transactions and loss of funds via repeated gas spending or unintended transfers.

Missing User Warnings

Medium
94% confidence
Finding
The /skills endpoint serves ready-to-run code that signs payments and submits live blockchain transactions for minting, listing, transferring, withdrawing, and buying assets. In an agent setting, distributing executable financial action scripts without any built-in confirmation, allowlisting, transaction simulation, or spend limits materially increases the risk of unintended fund transfers or autonomous asset loss if an agent consumes and executes these instructions.

Missing User Warnings

High
99% confidence
Finding
The file contains hardcoded Coinbase API credentials, including a private key/secret, which is a direct secret exposure. Anyone who obtains the code can reuse the credentials to access Coinbase APIs as that account, potentially listing wallets, performing account actions, or pivoting into broader compromise depending on the credential scope.

Missing User Warnings

Medium
91% confidence
Finding
The skill makes an external API call to Coinbase to list wallets without clear disclosure that account data will be accessed remotely. In an agent-skill context, undisclosed network access is risky because it can silently transmit or retrieve sensitive financial metadata outside the user’s expectations.

VirusTotal

66/66 vendors flagged this skill as clean.
