ORE Miner

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls a refinORE crypto-mining account, but it pushes autonomous recurring fund deployment and trading actions without strong confirmation, spending caps, or endpoint safeguards.

Install only if you deliberately want an agent to operate a funded refinORE account. Use the official API URL, a small balance, a revocable or scoped key if available, and explicit per-round and total spend limits. Confirm before starting mining, enabling auto-restart, editing live strategies, or creating DCA/limit orders, and know how to stop sessions and revoke the key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The document explicitly tells consumers to use an `x-api-key: rsk_...` credential pattern for authenticated access. Even though the value is shown as a placeholder rather than a full secret, embedding realistic credential format guidance in an agent skill lowers the barrier for unsafe autonomous use and can encourage secret collection, mishandling, or substitution of live keys in downstream prompts and logs.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation language is broad enough to match generic crypto-help requests, increasing the chance the skill is activated outside a narrow mining-management context. In a financial skill with shell and API capabilities, overbroad triggering raises the likelihood of unintended account inspection, trade setup, or fund-deploying suggestions.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs the agent to begin mining as soon as funds are detected, without a mandatory explicit confirmation step summarizing amount, asset, recurrence, and risk. Because mining deploys user assets on repeated rounds, this can directly cause unauthorized or misunderstood financial activity.

Missing User Warnings

High
Confidence
99% confidence
Finding
The DCA and limit-order sections describe creation and deletion of persistent trading orders without a prominent user warning that these actions can continue moving assets over time. Persistent automated orders are particularly risky because a single command may have repeated financial consequences after the immediate interaction ends.

Missing User Warnings

High
Confidence
97% confidence
Finding
The auto-restart logic explicitly resumes mining after interruption using prior settings, but it does not require fresh approval or even prominently warn the user that asset deployment may resume automatically. This can lead to continued fund usage after a user believes the session has stopped or after context has materially changed.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
`POST /mining/start` initiates real fund deployment (`sol_amount`, `num_squares`, `auto_restart`) but is documented like a routine API call without an explicit warning that it can spend user assets and continue automatically across rounds. In this skill context, the endpoint directly controls financial exposure on Solana, so omission of strong user-confirmation and risk language is dangerous for autonomous agents and can lead to unintended loss.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The live strategy-edit endpoint is marketed as 'the key endpoint for AI agents' and allows mid-session changes to deployment size, tile selection, thresholds, and rules that affect the next round automatically. Presenting this capability without strong warnings or approval gates materially increases the risk of an agent unexpectedly changing active fund-deployment behavior and amplifying losses in a live session.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The order-management section exposes creation of DCA/limit orders and deletion of active orders without warning that these actions can execute trades, change portfolio exposure, or cancel protective automation. In a financial automation skill, lack of explicit cautions and approval requirements makes unintended or adversarial order placement/cancellation materially risky.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends a state-changing POST request that starts mining and commits funds using user-supplied parameters, but it provides no confirmation prompt, dry-run mode, or explicit risk warning before execution. In a financial/crypto-mining context, this increases the chance of accidental fund deployment or unintended automated activity, especially because the request also enables auto-restart.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script requires an API key as a positional argument and immediately sends it to a user-supplied remote endpoint without any validation, warning, or masking. This is dangerous because shell arguments can be exposed via process listings/history and the endpoint may be untrusted, leading to credential leakage and unauthorized account actions.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script initiates a mining session that spends SOL and sets auto_restart=true with frequency every_round, but provides no explicit confirmation, spending cap, or warning about recurring financial activity. In a financial automation skill, this materially increases risk because a single invocation can trigger repeated on-chain or platform spending without the user's informed consent.

External Transmission

Medium
Category
Data Exfiltration
Content
echo "⛏️ Deploying with custom tiles on refinORE..."
echo "  SOL: $SOL_AMOUNT | Tiles: $NUM_TILES | IDs: $TILE_IDS"

RESPONSE=$(curl -s -w "\n%{http_code}" -X POST "$API_URL/mining/start" \
  -H "$AUTH_HEADER" \
  -H "Content-Type: application/json" \
  -d "{
Confidence
88% confidence
Finding
curl -s -w "\n%{http_code}" -X POST "$API_URL/mining/start" \
  -H "$AUTH_HEADER" \
  -H "Content-Type: application/json" \
  -d

VirusTotal

64/64 vendors flagged this skill as clean.
