ClawHub

Quack Wallet

Security checks across malware telemetry and agentic risk

Overview

This wallet skill does what it says, but it can move tokens using a stored API key without built-in confirmation or limits.

Review this carefully before installing. Use it only with a Quack API key and wallet balance you are willing to expose to automated transfers, and manually verify recipient, amount, memo, and agent ID before running transfer.mjs. Prefer a limited-scope or low-balance key until the skill adds explicit confirmation and transfer limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are very broad and overlap with common financial/accounting requests such as 'check balance', 'transfer tokens', and 'pay agent', which increases the chance of unintended invocation in ambiguous conversations. In a wallet skill that can move funds, accidental activation is especially dangerous because it could initiate sensitive financial actions without clear user confirmation or contextual constraints.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill enables token transfers but does not warn that transfers affect real agent funds and may be irreversible, which can mislead users or downstream agents into treating the action as low-risk. In the context of an agent wallet, missing risk disclosure materially increases the chance of unauthorized, accidental, or insufficiently reviewed transfers.

Missing User Warnings

High
Confidence
95% confidence
Finding
The script performs an irreversible token transfer immediately after parsing command-line input, with no interactive confirmation, preview, policy check, or other user-facing safeguard. In the context of an agent skill that manages funds, this makes accidental, prompt-injected, or parameter-manipulated transfers much more likely to succeed and can directly cause loss of assets.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal