HypurrFi

Security checks across malware telemetry and agentic risk

Overview

This DeFi skill is not clearly malicious, but it needs Review because it creates a persistent plaintext hot wallet and can authorize real financial transactions.

Install only after careful review. Use a dedicated low-balance wallet, protect or avoid the plaintext wallet file, verify contract addresses independently, avoid unattended --yes usage, and revoke token allowances after repayment. Treat Prime/Yield/Vault and rates examples as unsupported in this version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises executable commands that interact with local Node.js scripts and wallet files, but the manifest does not declare corresponding permissions beyond a binary requirement. In an agent setting, undeclared environment/code capabilities reduce transparency and can cause the host or user to authorize a skill without understanding that it may access local environment data or execute code with wallet-related side effects.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill description focuses on DeFi lending operations but omits that setup creates and stores a local private key on disk. That hidden behavior is security-sensitive because agents or users may invoke the skill expecting only protocol interactions, while it also establishes persistent custody material at a known path, increasing the risk of accidental exposure, misuse, or compromise of funds.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script advertises support for Prime/Yield and Vault deposits, but execution for those paths always throws a 'coming soon' error. In a DeFi treasury context, this mismatch can cause agents or operators to select unsupported markets based on the skill description, leading to failed operations, unreliable automation, and potentially unsafe fallback behavior if higher-level orchestration assumes the deposit succeeded or retries into other actions.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script generates a new private key and stores it unencrypted on disk, which introduces custodial secret handling beyond simple DeFi lending orchestration. Even though this may be intended as convenience setup, local plaintext key storage materially increases the risk of wallet compromise if the host, filesystem, backups, or logs are exposed.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
This skill implements local custodial key generation and secret persistence despite the stated purpose being DeFi lending/borrowing, which does not inherently require the skill to create and retain user private keys itself. In the context of an agent skill, this is more dangerous because the agent may operate autonomously and users may not realize the skill is taking custody of spend-capable credentials, creating theft and unauthorized transaction risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code generates a wallet and persists the raw private key in plaintext JSON on disk, then later loads it directly for transaction signing. Although the file is chmod'd to 0600, that does not protect against local compromise, backups, container volume leakage, malware, accidental commits, or other processes running as the same user; in a DeFi lending skill, theft of this key directly enables irreversible loss of deposited collateral and borrowed funds.

VirusTotal

64/64 vendors flagged this skill as clean.
