ClawHub

Superfluid Protocol

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Superfluid documentation skill, but it gives high-impact DeFi approval and transaction guidance without enough plain warnings about persistent token and stream permissions.

Install only if you want a DeFi/Superfluid protocol reference and will review every wallet prompt yourself. Prefer exact allowances over unlimited approvals, use granular flow-operator permissions when possible, verify contract addresses and domains independently, and revoke permissions or stop streams when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest explicitly recommends `type(uint256).max` approval to the strategy contract for the underlying ERC-20, but it does not clearly warn that this gives the strategy ongoing authority to pull the user's tokens. If an approved strategy is compromised, upgraded unsafely, misconfigured, or later becomes malicious, users could suffer broad token loss beyond the immediate wrap amount. In this skill context, the risk is heightened because the document is a knowledge-base reference that may be copied into integrations or user guidance as authoritative setup instructions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest instructs users to grant this contract Superfluid ACL flow-operator permissions and potentially ERC-20 allowance, including a 'simplest approach' that grants full control, but it does not explicitly warn that these approvals let the contract create/delete flows and transfer approved tokens on the user's behalf. In a knowledge-base/reference skill, omission of that warning can mislead integrators into over-permissioning a third-party contract, increasing the blast radius if the contract, deployment, keeper flow, or surrounding integration is compromised or misunderstood.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document presents leveraged CDP borrowing, collateralized stablecoin issuance, liquidation parameters, and redemption mechanics in a matter-of-fact way without any user-facing caution about liquidation risk, smart contract risk, oracle risk, stablecoin depeg risk, or loss of funds. In a knowledge-base skill likely used to inform user decisions, this omission can cause users to treat the content as implicitly safe or suitable, increasing the chance of financially harmful actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file tells users they can interact with USND via app.superfluid.org or the Superfluid SDK and highlights streaming use cases, but does not warn that token flows persist until explicitly changed or deleted, may drain balances over time, and depend on third-party app interfaces and approvals. Users following this guidance without cautions may create unintended ongoing outflows, misunderstand insolvency/liquidation implications, or trust external frontends without verifying contract details.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document describes an AI-agent-driven token launcher that can deploy tokens from a Farcaster mention, but it does not include clear user warnings about irreversible on-chain actions, financial risk, wallet authorization, or the possibility of triggering token deployment unintentionally. In a knowledge-base skill, omission of these warnings can mislead downstream agents or users into treating deployment as informational rather than transactional, increasing the risk of unintended token creation or unsafe financial behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal