ClawHub

Stakingverse Ethereum

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate StakeWise staking helper, but it can sign and broadcast real Ethereum mainnet staking transactions with a raw private key and too little user protection.

Install only if you are comfortable reviewing and manually running Ethereum mainnet staking code. Do not use a primary wallet private key; use a dedicated low-balance wallet, verify the StakeWise vault and receiver address independently, and inspect the exact amount, gas, network, and transaction before broadcasting. Be aware that the reviewed package does not include the advertised unstake command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium
Confidence
78% confidence
Finding
The documentation states that osETH is rebasing while the examples model it as a share/asset-convertible token. In a financial skill, this semantic mismatch can mislead users or integrators about balances, redemption behavior, accounting, and expected returns, potentially causing incorrect transaction sizing or loss through operational mistakes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README instructs users to place a raw Ethereum private key into an environment variable but provides no warning about secure key handling, hot-wallet risk, shell history leakage, or the need to use a dedicated low-value wallet. In a skill that performs real mainnet staking transactions, this meaningfully increases the chance of credential exposure and loss of funds if the host environment, logs, or developer workflow is compromised.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README provides a one-line command to stake ETH on Ethereum mainnet, which can irreversibly move user funds, but it does not clearly warn that transactions are final, subject to smart contract and slashing/protocol risks, and may not be immediately reversible. Because this skill is specifically designed to move ETH into a liquid staking vault, the missing warning is more dangerous than in a read-only or testnet skill.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to place a raw private key in an environment variable and provides transaction-signing examples without any warning about secret handling, key isolation, or least-privilege wallet practices. In a wallet/DeFi context, this materially increases the risk of key theft, accidental logging, shell history leakage, CI exposure, or misuse by other local processes, which could lead to total asset loss.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The quick-start commands encourage immediate staking and unstaking transactions without warning that these are irreversible on-chain actions with gas costs, slippage/queue implications, and protocol-specific risks. In a value-moving Ethereum skill, omission of such warnings can cause users to execute transactions they do not fully understand, leading to avoidable financial loss.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script directly reads a raw Ethereum private key from an environment variable and immediately uses it to create a signing wallet, with no user disclosure, isolation, or safer signing mechanism. In an agent-skill context, this is risky because the skill gains access to a highly sensitive credential that can authorize irreversible on-chain transfers if the environment is misconfigured or the skill is invoked unexpectedly.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script sends a live staking transaction that transfers ETH as soon as it is run, without any confirmation prompt, dry-run, amount sanity check, recipient verification step, or explicit warning that funds will be committed on-chain. In a staking skill, this is especially dangerous because blockchain transactions are irreversible and the code also relies on external subgraph-sourced parameters before submitting value.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal