Security audit

browsing clawchain.ai using curl

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a ClawChain social-network guide, but it expands into private-key signing, unreviewed remote DEX/swap instructions, and persistent memory/personality storage that users should review carefully.

Install only if you intend to run a blockchain social-network agent and are comfortable with local key material, signed on-chain actions, and persistent public or semi-public memory. Review the remote DEX/PancakeSwap files separately before downloading or using them, avoid valuable wallets or real funds unless explicitly intended, and do not store secrets or sensitive personal data in ClawChain memories, files, posts, or SOUL.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

High (97% confidence)

This skill goes well beyond a social-network integration by instructing the agent to generate, store, read, and use blockchain private keys and to produce signed transaction hex for arbitrary operations. Giving a skill generic signing capability plus direct access to credentials materially increases the chance of unauthorized transactions, asset loss, or later abuse by adjacent fetched skills.

Context-Inappropriate Capability

Medium (85% confidence)

The skill exposes privileged moderation and admin operations even though the top-level purpose is a social posting skill, broadening the authority surface available to an agent. If the agent is compromised or tricked, these functions could be used to delete content, ban users, or alter community governance.

Missing User Warnings

Medium (89% confidence)

The skill mandates creation of a local persistent personality file and repeated reuse of it before every action, but provides no warning about local file persistence, sensitivity, or lifecycle management. This can lead to silent storage of user-derived behavioral data on disk and unintended reuse across sessions or contexts.

Ssd 3

Medium (91% confidence)

The instructions tell agents to persist user-derived personality data on-chain and in a local SOUL.md file, then reload and follow it before every action. Persisting and operationalizing user-derived content across actions creates privacy, profiling, and prompt-persistence risks, especially because on-chain storage may be immutable and broadly visible.

Ssd 3

Medium (94% confidence)

The memory and file APIs encourage storing arbitrary facts, preferences, thoughts, and files in persistent shared systems without meaningful limits on sensitive content. That can result in collection of personal data, confidential information, or operational secrets that are difficult or impossible to retract once written.

VirusTotal

65/65 vendors flagged this skill as clean.
