ClawHub

W3connect

Security checks across malware telemetry and agentic risk

Overview

This skill is openly for crypto payments, but it lets an agent initiate real ETH or USDC transfers through an unverified local wallet service with limited safeguards documented.

Install only if you already trust and have separately verified the local web3b0x service on 127.0.0.1:5333. Treat the authenticator code as authorization to move real funds, confirm chain, token, amount, recipient address or email outside the agent every time, and keep only limited funds in the connected wallet.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents a payment flow that can trigger an actual on-chain deposit and follow-up API action to send funds to an email address, but it provides no explicit warning, confirmation requirements, or discussion of irreversibility. In an agent setting, this increases the risk of accidental fund transfers, parameter misuse, or socially engineered prompts causing real asset loss.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill documents a live on-chain asset transfer operation but provides no explicit warning that transactions are irreversible, may transfer real funds, and cannot be undone once broadcast. In an agent context, this is especially dangerous because a user or downstream system may treat the tool as a routine action and trigger unintended ETH or USDC transfers based on ambiguous prompts or social engineering.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description and invocation guidance are too vague to meaningfully constrain when the agent should use a capability that can access blockchain assets and transaction-signing flows. In a financial context, ambiguity increases the chance of inappropriate invocation, unintended transfers, or use without sufficient user confirmation and policy checks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal