ClawHub

Chia WalletConnect - Telegram Verification

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for Chia wallet verification, but it handles wallet-to-Telegram identity linkage with weak disclosure and an under-scoped optional backend.

Install only if you are comfortable operating a wallet-verification flow that links Chia addresses to Telegram users. Before production use, replace the WalletConnect Project ID, remove sensitive console logging, add an explicit consent/privacy notice, restrict CORS, authenticate or remove the status endpoint, and never trust a user ID supplied by client JSON when granting access or airdrop eligibility.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The code and skill description claim signature verification via MintGarden API, but this function only packages wallet address, signature, public key, Telegram user ID, and timestamp and sends them to the Telegram bot. This is a security-relevant integrity mismatch because users may trust a verification path that is not actually happening in the web app, and the backend can silently perform different or no verification at all.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The comment 'Verify signature via MintGarden API' is contradicted by the function body, which does not verify anything and instead immediately sends the data to Telegram and shows a success message. In a wallet-verification flow, this can mislead users and reviewers into believing a cryptographic check has already succeeded when it has not.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly instructs developers to collect address, message, signature, public key, and user-linked data from Telegram and send it to a bot/backend for verification, but it does not clearly disclose the privacy and trust implications of transmitting this data to both the bot operator and MintGarden. In a wallet-verification flow, insufficient disclosure can cause operators to deploy a system that unnecessarily centralizes sensitive authentication artifacts and user-linked metadata.

Missing User Warnings

Low
Confidence
89% confidence
Finding
Publishing a real WalletConnect Project ID in setup examples can encourage reuse of a shared identifier in deployed instances, enabling quota exhaustion, telemetry confusion, or service disruption against the referenced project. Although a later note recommends using your own ID in production, the example still creates avoidable operational risk and weakens separation between demo and production usage.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly sends wallet verification data through Telegram Web App flows and to MintGarden for signature verification, but it does not present a clear user-facing disclosure of what data is shared and with whom. This can expose wallet addresses, signed messages, public keys, and Telegram-linked identifiers without informed consent, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The app transmits sensitive linkage data—wallet address, signature, public key, Telegram user ID, and timestamp—to the Telegram bot via tg.sendData without a clear just-in-time disclosure or consent prompt. In this context, that creates privacy risk and account-linking risk because blockchain identity is being tied to a Telegram identity in a wallet-verification workflow.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The code logs wallet address, session information, public key, challenge data, and signature artifacts to the browser console. Console logs can be exposed to debugging tools, shared devices, support captures, or other scripts in the page context, unnecessarily increasing exposure of wallet-related and identity-linking data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal