Back to skill

Security audit

Aave Liquidation Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only Aave monitoring tool, but users should treat wallet checks, alerts, and logs as sensitive financial metadata.

Install only if you are comfortable with OpenClaw periodically checking your wallet against Aave and sending liquidation-risk details through your selected Telegram, Discord, or Slack channel. Use a private channel, review OpenClaw log retention, and disable or remove the cron job when monitoring is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes outbound network use to Aave's GraphQL API and messaging delivery via OpenClaw, yet the finding indicates no declared permissions are present. Undeclared network capability is a real security and governance issue because reviewers and runtime policy enforcement cannot accurately determine what external communication the skill performs, which can conceal unexpected data egress or make sandboxing ineffective.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The documentation instructs users to transmit wallet addresses and position data to Aave's hosted GraphQL API but does not warn that wallet addresses are sensitive financial metadata that can be linked to borrowing activity. In a liquidation-monitoring skill, this omission matters because users may provide multiple addresses across chains, enabling third-party profiling and correlation of DeFi positions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The guide encourages persistent background execution and logging of wallet addresses, health-factor checks, timestamps, and alert history without an explicit privacy and persistence warning. In a financial monitoring context, these records can expose sensitive operational and wallet metadata to other users, admins, or compromised integrations, increasing surveillance, targeting, or correlation risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.