kog

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned but should be reviewed because it directs agents to sign and broadcast Solana transactions and publish linked wallet/profile data without clear approval and privacy safeguards.

Install only if you are comfortable with an agent helping perform Solana token-launch actions. Do not give the agent direct access to a funded wallet's private key; use a wallet-controlled signing flow in which the key never leaves the wallet, review every transaction before it is signed and broadcast (signed transactions are irreversible once confirmed), and assume that any wallet address, email, Telegram handle, Twitter/X handle, or profile data you submit may become public and linkable to your on-chain activity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill gives step-by-step instructions to generate keys, sign a Solana transaction with both the mint keypair and user wallet, and submit it on-chain, but it does not require an explicit user confirmation or warn that signing and broadcasting transactions can create irreversible blockchain state and may spend funds. In an agent setting, this omission is dangerous because it normalizes autonomous transaction execution and could lead users or downstream agents to approve or perform risky on-chain actions without informed consent.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding
The marketplace registration flow instructs collection and transmission of contact/profile data such as email, Telegram handle, Twitter handle, wallet address, tags, and description without any privacy notice, retention guidance, or warning that this information may be publicly listed or linked together. This can expose users or operators to unwanted correlation of identities, spam, scraping, and reputational/privacy harms, especially when wallet addresses are tied to social profiles.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill explicitly says agents from Moltbook "and any agent with this skill" can launch tokens, register, and verify, which encourages unrestricted use without any gating, authorization checks, or user-consent constraints. In a skill that can initiate token-launch and transaction-signing workflows, broad invocation language increases the chance an agent uses sensitive blockchain or identity-related actions inappropriately or without sufficient approval context.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The launch flow walks an agent through generating a mint keypair, creating a pool transaction, signing it with both the mint and user wallet, and sending it on-chain, but it does not include a clear warning that these are irreversible blockchain actions with financial consequences. In agent settings, omitting an explicit consent and risk warning is dangerous because it can normalize autonomous transaction signing/broadcasting and lead to unauthorized fund use, unwanted token creation, or irreversible on-chain activity.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding
The marketplace registration flow invites submission of email, Telegram, Twitter handle, and descriptive profile information without warning that these details may become public, searchable, or linkable to a wallet identity. This creates a privacy risk because agents or users may disclose personally identifying contact data and permanently associate it with public blockchain activity.
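The pattern the overview recommends and that findings 1, 3 and 4 above call for, a wallet-controlled signing flow in which the agent never holds a key and every transaction is reviewed and explicitly approved before it is signed, as an added Go example that is not part of the kog skill or of SkillSpector's output. It assumes a simplified Tx shape (one hypothetical program label such as "pool.create", a lamport amount, and a signer list) in place of a real Solana transaction and leaves broadcasting out; ed25519 is the signature scheme Solana actually uses, so the signatures are genuine. The agent-facing surface is the Wallet methods: it can obtain public keys, a review summary and signatures, but no call returns a private key, the mint keypair is generated inside the wallet rather than by the agent, and Sign refuses anything the operator's policy forbids or a human has not approved by digest.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Tx is a constructed, simplified stand-in for a Solana transaction: one instruction plus its signers.
type Tx struct {
	Program  string   // hypothetical program label, e.g. "pool.create"
	Lamports uint64   // lamports the instruction moves out of the user wallet
	Signers  []string // hex public keys whose signatures the tx needs
}

var ErrNotApproved, ErrOverLimit = errors.New("no pending human approval for this transaction digest"), errors.New("transaction exceeds the configured spend cap")

// Wallet owns every private key; no method returns a key or seed, only public keys, review text and signatures.
type Wallet struct {
	userPub     string
	keys        map[string]ed25519.PrivateKey // user key plus every mint keypair, all generated here, never by the agent
	maxLamports uint64                         // hard cap on lamports one signed tx may spend
	allowed     map[string]bool                // programs the agent may invoke at all
	approvals   map[string]bool                // digests a human approved, consumed on use
}

// NewWallet is run by the operator with the policy baked in; the agent only ever gets the resulting methods.
func NewWallet(maxLamports uint64, allowed map[string]bool) *Wallet {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // ed25519 is Solana's signature scheme
	return &Wallet{userPub: hex.EncodeToString(pub), keys: map[string]ed25519.PrivateKey{hex.EncodeToString(pub): priv},
		maxLamports: maxLamports, allowed: allowed, approvals: map[string]bool{}}
}

// UserPubkey is all the agent ever learns about the user key.
func (w *Wallet) UserPubkey() string { return w.userPub }

// NewMint generates the token mint keypair inside the wallet and returns only its public key.
func (w *Wallet) NewMint() string {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	w.keys[hex.EncodeToString(pub)] = priv
	return hex.EncodeToString(pub)
}

// Serialize is the deterministic encoding that is both signed and digested, so approval binds the exact bytes broadcast.
func Serialize(tx Tx) []byte {
	return []byte(fmt.Sprintf("%s|%d|%v", tx.Program, tx.Lamports, tx.Signers))
}

// Summarize returns the digest an approval must name and the review text the agent must show before asking for it.
func Summarize(tx Tx) (digest, summary string) {
	sum := sha256.Sum256(Serialize(tx))
	digest = hex.EncodeToString(sum[:])
	summary = fmt.Sprintf("tx %s calls %s: %d lamports leave the wallet, %d signer(s); irreversible once broadcast",
		digest[:12], tx.Program, tx.Lamports, len(tx.Signers))
	return digest, summary
}

// Approve records a human's explicit, single-use approval of one exact digest.
func (w *Wallet) Approve(digest string) { w.approvals[digest] = true }

// Sign enforces policy and approval, then signs with every key the tx names; only signatures come back.
func (w *Wallet) Sign(tx Tx) (map[string][]byte, error) {
	if !w.allowed[tx.Program] {
		return nil, fmt.Errorf("program %q is not on the allow-list", tx.Program)
	}
	if tx.Lamports > w.maxLamports {
		return nil, ErrOverLimit
	}
	digest, _ := Summarize(tx)
	if !w.approvals[digest] {
		return nil, ErrNotApproved
	}
	msg, sigs := Serialize(tx), map[string][]byte{}
	for _, s := range tx.Signers {
		k, ok := w.keys[s]
		if !ok {
			return nil, fmt.Errorf("signer %s is not held by this wallet", s)
		}
		sigs[s] = ed25519.Sign(k, msg)
	}
	delete(w.approvals, digest) // one approval signs one transaction, never a replay
	return sigs, nil
}

// Verify checks one signer's signature over the tx, as a validator would.
func Verify(tx Tx, pubkeyHex string, sig []byte) bool {
	pk, err := hex.DecodeString(pubkeyHex)
	return err == nil && len(pk) == ed25519.PublicKeySize && ed25519.Verify(pk, Serialize(tx), sig)
}

func main() {
	w := NewWallet(1_000_000, map[string]bool{"pool.create": true})
	tx := Tx{Program: "pool.create", Lamports: 500_000, Signers: []string{w.UserPubkey(), w.NewMint()}}
	digest, summary := Summarize(tx)
	fmt.Println(summary) // the agent shows this; the human approves the digest out of band
	w.Approve(digest)
	fmt.Println(w.Sign(tx)) // two signatures, <nil>
}
```

Approvals are keyed to the SHA-256 of the serialized transaction and consumed on use, so an agent cannot stretch one approval over a second, different transaction or replay the same one, and an approval for an over-limit or off-list transaction is refused regardless. In a real deployment the same service would attach the returned signatures and broadcast, so that the review step sits in front of the only path to the chain; the agent's side of the conversation is reduced to requesting a summary and relaying the human's yes or no.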

VirusTotal

54/54 vendors flagged this skill as clean.
