SafeLink

Security checks across malware telemetry and agentic risk

Overview

SafeLink is a coherent web3 escrow skill, but it needs Review because it handles wallet/payment authority while exposing or persisting sensitive wallet and config data with limited safeguards.

Install only if you are comfortable with a web3 skill that can sign and broadcast transactions. Use testnet first, use a throwaway deployer key, keep .env out of source control, avoid running deployment against mainnet unless you have independently verified BASE_RPC_URL and balances, and treat COINBASE_WALLET_DATA as a secret because the current code prints it to stderr on first Coinbase wallet creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The initialization path prints the full exported wallet data to stderr, which can expose sensitive wallet recovery or persistence material to logs, terminals, process supervisors, CI systems, or other monitoring sinks. Even if this is not a raw private key, it is clearly treated as reusable wallet state and therefore should be handled as a secret.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs a live on-chain broadcast immediately after build and test without requiring an explicit user confirmation or dry-run step. In a production A2A/escrow context, this raises the chance of accidental deployment to mainnet, unintended spending, or deployment against the wrong RPC endpoint if environment variables are misconfigured.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script rewrites the repository .env file automatically after deployment, which can silently alter operator configuration and persist state changes beyond the current run. In an environment that also stores secrets in .env, automatic mutation increases the risk of clobbering settings, contaminating environments, or causing later commands to act on unintended addresses.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup wizard transmits user-supplied API credentials to third-party services for validation immediately after entry, but does not clearly warn at the point of entry that the secret will be sent over the network. This can surprise operators, violate the principle of least surprise, and increase exposure of high-value credentials if users paste production secrets during setup.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The wizard collects wallet private keys and app secrets, then persists them into a local .env file without an explicit warning that these sensitive values will be stored on disk in plaintext. Storing long-lived secrets this way increases the chance of accidental disclosure through file permissions, backups, shell history, or source-control mistakes.

Credential Access

High
Category
Privilege Escalation
Content
console.log(`   ERC8004Registry: ${registryAddress}`);
console.log(`   SafeEscrow:      ${escrowAddress}`);

// Update .env
let envContent = existsSync(ENV_FILE) ? readFileSync(ENV_FILE, "utf8") : "";

const updates: Record<string, string> = {
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
}

writeFileSync(ENV_FILE, envContent.trim() + "\n");
console.log("\n.env updated with contract addresses.");
console.log("   Next step: npm run register");
Confidence
91% confidence
Finding
.env

VirusTotal

66/66 vendors flagged this skill as clean.
