Ethereum Wingman

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Ethereum development helper with some guidance-quality caveats but no evidence of hidden, destructive, or exfiltrating behavior.

Install this only if you want Ethereum or Scaffold-ETH guidance. Run its shell commands in a development directory, keep cast/anvil commands pointed at a local fork, review any generated dependencies, and treat the security examples as teaching material that still needs independent review before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 86%
Finding
Labeling `approve(spender, exactAmount)` as universally SAFE is misleading because allowance changes can still be front-run if a nonzero allowance is updated directly to another nonzero value. In an Ethereum development tutor skill, this can propagate insecure approval patterns into generated code or user guidance, increasing the chance of token overspending bugs.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The Alchemix section contains internally contradictory guidance: it explicitly says the real incident was not a precision error, yet the sample vulnerable code, fix, and lessons teach readers to interpret it as a rounding/precision bug. In a security-training skill, this kind of factual mismatch is dangerous because it can miseducate users about root causes, causing them to apply the wrong mitigations and overlook the actual class of logic bug that led to loss.

Vague Triggers

Medium
Confidence: 88%
Finding
The skill is designed to activate on a very broad set of Ethereum-related tasks, which can cause it to override more specific or safer domain skills and steer users into its prescribed workflow. In this case, the broad trigger is made more significant by strong behavioral directives such as ALWAYS using fork mode and browser/MCP-driven testing, increasing the chance of unnecessary privileged actions or unintended execution paths.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger criteria are extremely broad, covering generic terms like "build," "create," and "web3," which can cause the skill to activate for loosely related requests. In an agentic environment, overbroad invocation increases the chance of the skill steering users into blockchain-specific workflows, recommending command execution, browser automation, or live-network fork testing when that context was not actually intended.

VirusTotal

64/64 vendors flagged this skill as clean.
