ClawHub

Chia SplitXCH

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it creates Chia SplitXCH payment-split addresses, with privacy and irreversible-transfer caveats users should understand.

Install only if you are comfortable sending recipient names, XCH wallet addresses, and split percentages to SplitXCH. Before using any generated address for live funds, preview when possible and independently confirm every address, percentage, basis-point total, nesting level, and the 1.5% fee per split level.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to invoke a shell script (`bash <skill_dir>/scripts/splitxch.sh /tmp/split-payload.json`) but declares no permissions, creating a capability/permission mismatch. This is dangerous because shell execution expands the attack surface and can enable unintended command execution, secret exposure, or unsafe filesystem/network access if the script or its inputs are modified or mishandled.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger list is broad enough to match generic payment-sharing language such as 'revenue share' or 'payment split', which can cause the skill to activate in contexts the user did not intend. In this skill, unintended invocation is more dangerous because it can lead users into generating blockchain payment addresses for irreversible transfers and fee-bearing transactions without clear intent confirmation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description explains automatic on-chain distribution but does not prominently warn that generated addresses route live funds irreversibly and that each split level incurs a 1.5% fee. In a cryptocurrency context, missing this warning materially increases the risk of users sending funds to a split address they do not fully understand, causing irreversible loss, misrouting, or unexpectedly compounded fees in nested splits.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script transmits the entire user-supplied JSON payload, including recipient names, wallet addresses, IDs, and split metadata, to a third-party API. While this appears necessary for the skill's functionality, the code provides no explicit disclosure, consent check, minimization, or allowlist validation, so sensitive payment-routing data may be sent off-host without the user's informed awareness.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal