Xflows Bridge

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate crypto bridge skill, but it needs review because it can expose wallet private keys and send irreversible blockchain transactions without strong confirmation safeguards.

Install only if you are comfortable letting an agent operate crypto wallet tooling. Use a fresh low-balance wallet, enable encryption, avoid importing a main private key, do not use `wallet show` except for recovery, verify the xflows package source and version, run dry-runs first, and manually confirm chain, token, recipient, amount, fees, and slippage before any real transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README advertises autonomous wallet creation, transaction signing, and fund-moving cross-chain operations without prominently warning about irreversible transfers, bridge risk, destination-chain mismatches, or private key handling. In an agent skill context, this omission is dangerous because it normalizes high-risk financial actions as routine single-command workflows, increasing the chance that users or downstream agents initiate transactions without adequate confirmation or operational safeguards.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger description is extremely broad and includes generic phrases like 'transfer ETH', 'send tokens', and 'check balance', which can cause the skill to activate for ordinary wallet or payment requests beyond the user's intended scope. Because this skill can create wallets, reveal private keys, delete wallets, and move funds across chains, overbroad invocation materially increases the chance of unintended high-risk actions.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill exposes commands that can directly move funds, delete wallets, and reveal private keys, but it does not prominently warn about these destructive and sensitive capabilities. In this context, the omission is dangerous because the skill is expressly designed for financial operations, so a user or orchestrating agent may invoke high-risk commands without understanding that irreversible asset loss or secret exposure can occur.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation states that wallet creation saves wallet material to `~/.xflows/wallets/<name>.json` and allows importing a private key, but it does not warn that this creates sensitive key material on disk. In an agent skill that may be invoked by non-expert users, omission of this warning increases the chance users will create or import hot wallets without understanding the local secret-storage risk.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
`wallet show` is documented as revealing the private key, but there is no strong warning that displaying it can immediately compromise the wallet if the terminal, logs, screenshots, shell history, or calling agent output are exposed. In this skill context, that is especially dangerous because agent systems often capture and relay command output verbatim.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The transaction-capable commands (`send`, `transfer`, `transfer-token`) describe signing and broadcasting on-chain transactions but do not clearly warn that these actions are irreversible and may incur fees, approvals, and permanent asset loss if parameters are wrong. In a bridge skill, this is more dangerous than ordinary documentation because cross-chain transfers add extra complexity, delayed finality, and multiple failure modes.

VirusTotal

54/54 vendors flagged this skill as clean.
