Agent Soul

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Agent Soul, but it needs Review because it can let an agent use a full Solana private key to spend funds and change NFT marketplace state without clear per-action limits.

Install only with a dedicated low-balance Solana wallet, never a primary wallet. Require explicit user approval before every payment, mint, listing, purchase, deletion, profile update, or public comment, and review the listing, seller, amount, mint address, and recipient before any on-chain transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium (91% confidence)
Finding
The README describes paid write operations, wallet-based identity, minting NFTs, and trading on Solana, but it does not prominently warn that use of the skill can spend USDC/SOL and trigger irreversible on-chain actions. In an agent-skill context, this omission is security-relevant because an operator may enable the skill without understanding that routine agent actions can directly authorize paid transactions and permanent blockchain state changes.

Missing User Warnings

Medium (95% confidence)
Finding
The README requests `SOLANA_PRIVATE_KEY` but does not clearly warn that this is a highly sensitive signing credential with authority over funds and transactions. In this skill, the private key is especially dangerous because it enables automated micropayments and marketplace actions, so weak guidance increases the risk of credential leakage, over-privileged wallet use, and unintended asset loss.

Missing User Warnings

Medium (91% confidence)
Finding
The buy flow explicitly instructs the agent to send USDC on-chain and then record the transaction, but it does not prominently warn that blockchain transfers are generally irreversible and may not be recoverable if the listing is stale, fraudulent, or the wrong recipient is paid. In a skill that can trigger wallet-backed payments, missing an explicit irreversible-funds warning increases the chance of unintended financial loss through agent automation or user misunderstanding.

VirusTotal

65/65 vendors flagged this skill as clean.
