ClawHub

Debank Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed DeBank wallet-query helper, but users should understand it installs an external CLI, sends wallet queries to DeBank, and can store a DeBank API key locally.

Install only if you are comfortable trusting the external debank-cli npm package and giving it a DeBank Pro API key. Prefer a limited or revocable key if available, remove it with debank config remove-key when no longer needed, and avoid using the skill for sensitive wallet investigations unless you accept that query details may be visible to DeBank.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill goes beyond read-only blockchain queries by instructing the agent to collect and persist a DeBank API key in a local config file. Storing user credentials locally expands the attack surface because later tools, sessions, or other skills may access the saved secret, and the skill does not include any warning about persistence, scope, or safer alternatives.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly promotes querying wallet balances, DeFi positions, transaction history, approvals, and other on-chain data through the DeBank Pro API, but it does not warn users that wallet identifiers and query contents will be transmitted to a third-party service. Even though wallet addresses are public on-chain, correlating user queries, ENS names, and investigation targets through an external API can expose sensitive usage patterns and reduce user privacy.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The activation description is broad enough to trigger on many generic wallet- or portfolio-related prompts, increasing the chance the skill runs in situations the user did not specifically intend. In this skill, that matters because invocation may lead to external API usage and credential collection steps, so overbroad matching can unnecessarily expose wallet data or prompt for secrets.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly tells the agent to ask the user for a DeBank Pro API key and save it locally, but it does not disclose the storage location, persistence, or security implications before doing so. This creates credential-handling risk because users may provide a secret without understanding it will be written to disk and potentially accessible to other local processes, future sessions, or logs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal