Stakingverse Lukso

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it signs real LUKSO mainnet staking transactions with a raw controller private key and does not provide enough safeguards or warnings for fund-moving operations.

Review carefully before installing. Use only a dedicated low-permission controller key, verify the Stakingverse vault and Universal Profile/Key Manager addresses independently, avoid pasting long-lived private keys into shell history, and start with a small amount. Treat stake, unstake, and claim commands as real LUKSO mainnet transactions with gas costs, delays, and possible irreversible asset effects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The required credentials section is incomplete because the transaction examples depend on KEY_MANAGER but it is not declared alongside the other required variables. Incomplete credential disclosure leads to misconfiguration and encourages users to improvise or fetch addresses dynamically without understanding the trust boundary, which is especially risky when controlling a Universal Profile that can move funds.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README instructs users to export a controller private key as an environment variable but provides no warning about the sensitivity of that secret, how to store it safely, or the risk of shell history, process inspection, logging, and accidental disclosure. In a staking skill, compromise of this key could allow unauthorized control over a Universal Profile controller and direct loss of funds or unauthorized staking/unstaking actions.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README gives direct commands for staking, burning sLYX for withdrawal requests, and claiming funds without warning that these actions affect real assets, may be irreversible once submitted, and depend on smart-contract and oracle behavior. In this context, users may execute fund-moving commands on mainnet without understanding lockup delays, withdrawal processing uncertainty, transaction finality, or contract risk.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill instructs users to place a controller private key in an environment variable with no security guidance, despite that key being able to authorize blockchain transactions. In this staking context, compromise or mishandling of the controller key could let an attacker execute unauthorized calls through the KeyManager/UP flow and affect user funds.

Missing User Warnings

Medium
Confidence: 92%
Finding
The quick-start section presents stake, unstake, and claim commands without a prominent warning that these are live, irreversible on-chain operations involving real funds and gas costs. In a financial skill that signs transactions, that omission makes accidental loss more likely because users may treat the examples like harmless demos rather than production fund movements.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script reads a raw private key from an environment variable and immediately uses it to create a signer capable of submitting on-chain transactions. In an agent-skill setting, this is sensitive because secrets may be injected into automation environments, logs, crash reports, or misconfigured deployments, and compromise of the key would let an attacker act with the authority granted to that signer, potentially including controlling claim execution through the Key Manager. The staking context increases risk because the signer is directly tied to asset movement workflows.

VirusTotal

66/66 vendors flagged this skill as clean.
