KibiBot Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about using KibiBot, but it gives an agent live token-creation and wallet-funded credit-reload powers without strong per-action confirmation rules.

Install only if you intend to let an agent manage KibiBot wallet-related and on-chain actions. Use a dedicated least-privilege API key, leave Agent Reload disabled unless needed, set low reload limits, and require the agent to show the exact token details, chain, source wallet, amount, quota impact, and remaining daily limit before every token creation or credit reload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The reference documents wallet balance and wallet address retrieval endpoints that expose sensitive financial and identifier data beyond the stated manifest scope. Even if intended for legitimate account management, undocumented expansion of capability increases the chance an agent can access or surface wallet metadata the user did not expect, enabling privacy leakage and facilitating downstream targeting of funds.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The API reference exposes an irreversible action to disable agent credit reload, but this capability is not disclosed in the manifest. Hidden destructive functionality is dangerous because an agent or prompt-injected workflow could permanently alter account funding behavior without the user's informed consent, causing denial of service or operational disruption.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill exposes a credit reload action that can move funds from the user's trading wallet, but the user-facing description around that capability does not present a prominent spend warning at the point of use. In an agent setting, a vague description increases the risk that a user authorizes or triggers a wallet-funded reload without understanding it is a real financial action.

Missing User Warnings

Medium
Confidence: 95%
Finding
The token-creation section describes launching tokens on live chains but does not prominently warn that this performs irreversible on-chain deployment, consumes quota, and may spend sponsored or wallet-backed resources. In an agent workflow, insufficient warning can cause accidental asset-affecting actions from natural language prompts.

Missing User Warnings

Medium
Confidence: 98%
Finding
The document states that disabling agent reload is irreversible by the agent, but provides no explicit requirement for user confirmation or warning flow. In an agent setting, omission of confirmation guidance materially increases the risk of accidental or induced irreversible state changes that can disrupt service and force manual recovery through external channels.

VirusTotal

65/65 vendors flagged this skill as clean.
