Portfolio Risk Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a portfolio analyzer, but installing and running it can give it wallet-spending authority and trigger automatic crypto buybacks without per-transaction approval.

Install only after auditing the missing transaction helper scripts and disabling or gating automatic buybacks. Do not provide a main wallet private key; use a segregated low-balance wallet, testnet or dry-run flow, explicit approvals, spending limits, and clear privacy disclosures for wallet and voice data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding: The smart contract example documents a USDC-denominated $5 scan price (`scanPrice = 5e6`) but implements `payScan()` as `payable` and checks `msg.value`, which is native ETH, not USDC. This mismatch can cause incorrect payments, failed access control assumptions, or accidental over/under-charging if operators or users rely on the documentation instead of the actual settlement asset.

Intent-Code Divergence

Severity: Low
Confidence: 94%
Finding: The pricing section says pay-per-use access is valid for 24 hours, while the contract's `hasAccess()` grants access for 30 days after payment. This inconsistency can lead to unintended free access, billing disputes, and broken business logic if downstream systems enforce one policy while the contract enforces another.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding: The service runs a scheduled shell command to execute a buyback script, which is a privileged capability unrelated to portfolio analysis and expands the attack surface significantly. If the script, execution environment, filesystem, or deployment pipeline is compromised, an attacker could trigger arbitrary financial actions or achieve command execution through this pathway.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding: The README instructs users to configure RPC endpoints and API keys and to scan wallets, but it gives no warning about handling sensitive credentials, wallet data, or privacy implications. In a crypto-focused skill that processes wallet information and monetizes scans, this omission can lead users to expose secrets or underestimate how their portfolio data may be collected, retained, or transmitted.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The skill advertises real-time wallet scanning and voice-based collection of wallet addresses without clearly warning users that their wallet identifiers, holdings, and possibly phone metadata may be processed by third-party services such as RPC providers, APIs, and Twilio. In a financial context, this creates privacy and surveillance risk because wallet addresses can reveal asset balances, transaction history, and behavioral patterns.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The monetization section promotes automatic buybacks but does not clearly warn operators that configured wallet credentials will be used to execute real on-chain swaps. Because the skill also instructs users to set `PAYMENT_WALLET_KEY`, the omission increases the chance of unintended live trading, fund loss from misconfiguration, or unsafe deployment by users who think this is only an analytical tool.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The script loads sensitive configuration from `.env` and then performs blockchain-related actions using those values without any explicit warning, dry-run mode, or operator confirmation. In this context, the danger is operational: a user can unintentionally trigger real on-chain activity with production wallets or token addresses, leading to unintended trades or financial loss.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The script performs an irreversible Uniswap swap immediately once the threshold is met, with no human confirmation, no simulation, and no safeguards beyond a fixed slippage value. Because token swaps are financially destructive and generally cannot be undone, a wrong balance, malicious environment value, bad token address, or price movement could directly cause loss of treasury funds.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: Wallet addresses are sent to third-party RPC endpoints during balance checks and portfolio analysis, which can leak users' financial interests and linkable metadata to external providers. In a portfolio-analysis context this data sharing is technically expected, but the absence of disclosure, consent, or privacy controls makes it a genuine privacy/security issue.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: Automated subprocess execution performs real buyback actions without clear operator safeguards, separation of duties, or explicit safety controls. In a service that appears to be a portfolio-analysis API, hidden financial automation is especially dangerous because compromise or misconfiguration could lead to unauthorized market actions or infrastructure abuse.

VirusTotal

53/53 vendors flagged this skill as clean.