Blockchain Web3 Toolkit

Security checks across malware telemetry and agentic risk

Overview

This Web3 toolkit matches its stated purpose, but it handles wallet private keys and can broadcast irreversible blockchain transactions without adequate built-in safeguards.

Install only if you are comfortable reviewing and controlling Web3 transaction code. Use testnets or empty wallets first, never print or paste a real mainnet private key into agent output, pin and review dependencies, and manually verify every contract address, function, argument, network, gas cost, and recipient before any transaction is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (15)

Missing User Warnings

High
Confidence
97% confidence
Finding
The quick-start example explicitly prints `wallet.private_key` to standard output, which encourages unsafe handling of highly sensitive credentials. Terminal output may be captured in shell history, logs, screenshots, notebooks, CI output, or shared support transcripts, leading to direct wallet compromise and irreversible asset theft.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list is broad and generic, including common terms like 'wallet', 'crypto', 'blockchain', and 'smart contract', which increases the chance the skill is invoked in contexts the user did not intend. Because this skill advertises high-risk blockchain operations such as wallet management, contract deployment, and NFT actions, unintended invocation could lead users toward sensitive asset-affecting workflows without sufficient deliberation.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill describes capabilities that can directly affect blockchain assets and irreversible on-chain state, including wallet creation/management, contract deployment, and NFT minting/transfer, but provides no warnings about private key handling, transaction irreversibility, gas costs, or the financial consequences of mistakes. In a Web3 context, lack of safety guidance is especially dangerous because users may expose secrets, sign unintended transactions, or execute costly actions they cannot undo.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This method signs and broadcasts a state-changing blockchain transaction immediately, with no confirmation, simulation, policy check, or user-facing warning. In an agent or automation context, if untrusted input can influence the target contract, function, or arguments, this can cause irreversible on-chain actions, asset loss, or approval abuse.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Contract deployment is an irreversible network action that consumes funds and creates a live on-chain artifact, yet this method performs deployment immediately after receiving inputs. In a skill/agent setting, this is more dangerous because deployment parameters, bytecode, or constructor args may be influenced by external prompts or upstream automation without the operator fully understanding the consequences.

Unpinned Dependencies

Low
Category
Supply Chain
Content
web3>=6.0.0
eth-account>=0.8.0
cryptography>=3.4.8
python-dotenv>=0.19.0
Confidence
95% confidence
Finding
web3>=6.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
web3>=6.0.0
eth-account>=0.8.0
cryptography>=3.4.8
python-dotenv>=0.19.0
requests>=2.28.0
Confidence
95% confidence
Finding
eth-account>=0.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
web3>=6.0.0
eth-account>=0.8.0
cryptography>=3.4.8
python-dotenv>=0.19.0
requests>=2.28.0
Confidence
97% confidence
Finding
cryptography>=3.4.8

Unpinned Dependencies

Low
Category
Supply Chain
Content
web3>=6.0.0
eth-account>=0.8.0
cryptography>=3.4.8
python-dotenv>=0.19.0
requests>=2.28.0
Confidence
93% confidence
Finding
python-dotenv>=0.19.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
eth-account>=0.8.0
cryptography>=3.4.8
python-dotenv>=0.19.0
requests>=2.28.0
Confidence
96% confidence
Finding
requests>=2.28.0

Known Vulnerable Dependency: web3 — 1 advisory(ies): CVE-2026-40072 (web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling)

Low
Category
Supply Chain
Confidence
88% confidence
Finding
web3

Known Vulnerable Dependency: eth-account — 1 advisory(ies): CVE-2022-1930 (Regular expression denial of service in eth-account)

Low
Category
Supply Chain
Confidence
84% confidence
Finding
eth-account

Known Vulnerable Dependency: cryptography — 10 advisory(ies): GHSA-39hc-v87j-747x (Vulnerable OpenSSL included in cryptography wheels); CVE-2023-50782 (Python Cryptography package vulnerable to Bleichenbacher timing oracle attack); GHSA-5cpq-8wj7-hf2v (Vulnerable OpenSSL included in cryptography wheels) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
cryptography

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
80% confidence
Finding
python-dotenv

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

VirusTotal

64/64 vendors flagged this skill as clean.
