Sage Wallet

Security checks across malware telemetry and agentic risk

Overview

This wallet skill is mostly transparent, but it can control real crypto assets and has weak safety boundaries around transaction submission, secret access, and config loading.

Install only if you intentionally want an agent to operate a Sage Chia wallet. Use testnet or a low-value wallet first, fix or avoid the eval-based config loader, keep cert/key and mnemonic material private, use only trusted local RPC endpoints, and require explicit review before any send, mint, offer, signing, broadcast, key deletion, database deletion, or mnemonic retrieval action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (19)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README documents commands that can trigger real wallet actions such as sending XCH, minting assets, transferring NFTs/DIDs, and taking offers, but the command reference does not consistently warn that these actions may be irreversible or financially risky at the point of use. In an agent skill context, concise command docs can be copied directly into automation or natural-language execution flows, which increases the chance of accidental loss from user misunderstanding.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill advertises broad natural-language triggers like 'send XCH' and 'create an offer' for a high-impact wallet interface. In this context, ambiguous intent resolution can lead to accidental invocation of asset-moving operations without sufficiently explicit, structured user confirmation.

Missing User Warnings

High
Confidence
93% confidence
Finding
The description promotes transactions, token issuance, NFT actions, offers, and wallet configuration without clear warnings that many operations are irreversible and can directly affect funds and assets. In a blockchain wallet context, missing risk disclosure materially increases the chance of user error causing permanent loss.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The configuration section includes configurable RPC endpoints and SSL certificate/key paths but does not warn that these are sensitive trust anchors and local secret-adjacent materials. Misconfiguration or use of untrusted paths/endpoints could expose wallet metadata, enable unauthorized RPC access, or cause users to load insecure credentials.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This reference exposes highly sensitive and destructive wallet operations such as mnemonic retrieval, key import/deletion, resync, and database deletion without any warning, confirmation guidance, or restriction notes. In a wallet-management skill, this increases the chance that an agent or user will invoke dangerous actions casually, leading to credential compromise, permanent wallet loss, or destructive state changes.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation lists financial transfer endpoints like send_xch, bulk_send_xch, multi_send, send_cat, and related coin-management actions without warning that blockchain transfers are irreversible and may move real assets. In the context of an agent skill designed for natural-language wallet control, this omission materially raises the risk of accidental or manipulated transfers.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
Endpoints for NFT transfers, DID operations, offer cancellation, signing/submission, and immediate transaction broadcast are documented as routine references without noting their on-chain finality or security sensitivity. Because this skill is specifically built to operate a blockchain wallet via RPC, omission of warnings makes misuse more dangerous than in a generic API catalog and can lead to irreversible asset/state changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This skill documents CAT transfer and issuance operations with `auto_submit: true` as the default example behavior, but it does not warn that these actions can immediately create irreversible on-chain transactions, consume fees, and potentially result in permanent asset loss if parameters are wrong. In a wallet/asset-management skill, omission of transaction-risk guidance materially increases the chance that users or downstream agents will submit live blockchain actions without adequate confirmation or validation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The transfer example performs an irreversible ownership-changing blockchain action with auto_submit enabled, but provides no explicit warning that the DID will be sent to another address and that the transaction may be broadcast immediately. In a wallet skill, users may copy examples directly; this creates a real risk of accidental asset/identity loss and unintended on-chain fees.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The create, update, and normalize examples show state-changing wallet operations with auto_submit enabled but do not warn that these actions modify on-chain state and consume fees. In the context of a blockchain wallet skill, omission of such warnings can lead users or downstream agents to trigger real transactions unintentionally.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents `set_network`, per-wallet network overrides, and `set_change_address` as routine operations but does not warn that these settings directly affect where funds are sent, how addresses are interpreted, and which chain a wallet operates on. In a wallet-management skill, omission of safety guidance increases the chance of misrouting funds, creating unusable change outputs, or causing user confusion between mainnet and testnet contexts.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The peer-management section exposes `add_peer`, `remove_peer`, `ban`, and peer-discovery controls without noting that these actions can degrade connectivity, reduce resilience, or interrupt synchronization if misused. While not directly compromising funds, misleadingly frictionless peer changes in a blockchain wallet context can impair node health and availability.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The skill documents high-impact wallet operations such as NFT transfer, DID assignment, visibility changes, and URI mutation without any caution about irreversible blockchain effects, fees, or confirmation requirements. In an agent-driven wallet context, this increases the risk of accidental asset transfer or permanent metadata changes from ambiguous or mistaken user prompts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents `take_offer` and `cancel_offer` with `auto_submit: true` but does not clearly warn that these actions can create and broadcast on-chain transactions that spend wallet funds. In a wallet/offer-trading context, this omission can cause users or downstream agents to treat these operations as informational or reversible, increasing the risk of unintended asset transfers, fees, or offer invalidation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This skill documents asset-moving blockchain operations such as minting, exercising, and transferring options with `auto_submit: true` in the examples, but it does not warn users that these actions can immediately broadcast irreversible transactions and spend wallet funds. In a wallet/asset-management skill, omission of confirmation and risk language materially increases the chance of accidental transfers, unintended fees, or unwanted contract creation by downstream agents or users.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This skill documents signing and broadcasting blockchain transactions, including the one-step `auto_submit: true` path, without any explicit warning that these actions can move assets and are generally irreversible once submitted on-chain. In an agent skill context, that omission increases the chance of users or downstream agents invoking dangerous operations without adequate confirmation, especially when the skill supports direct submission of signed spend bundles.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents a `send_transaction_immediately` endpoint for direct broadcast but provides no warning that broadcasting a spend bundle can create irreversible on-chain transfers. In a wallet-connect context, this omission is risky because users or downstream agents may treat the action as routine RPC usage and fail to apply appropriate confirmation and review before funds are moved.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill exposes message-signing functions without warning that signatures can prove wallet or address control and may be used for authentication, account linking, or other third-party authorization flows. In a dApp connectivity setting, this increases phishing and consent risks because a user or agent may sign arbitrary messages without understanding the trust implications.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents fund-moving RPC operations with `auto_submit: true` in examples and payloads, which normalizes immediate broadcast of blockchain transactions without an explicit confirmation or risk warning. In a wallet skill, this increases the chance that an agent or user will trigger irreversible transfers, coin consolidation, or clawback actions without adequate human review, leading to accidental loss of funds.

VirusTotal

57/57 vendors flagged this skill as clean.
