Security audit

Agentforge

Security checks across malware telemetry and agentic risk

Overview

This skill connects to a crypto agent platform but asks the agent to expose and retain highly sensitive wallet and API credentials in chat.

Review carefully before installing. This skill may register you with an external crypto service, ask you to send SOL, launch tokens, trade, and place full wallet private keys and API keys into the chat transcript or agent memory. Do not use it with funds or real identities unless you fully trust the publisher and are comfortable with the credential exposure model.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill explicitly instructs the agent to obtain and display full secret material, including an API key and a wallet private key, directly in normal chat output. Exposing private keys in conversation creates immediate account and wallet compromise risk, and the lack of any scoped permission model or legitimate justification makes this behavior highly unsafe.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill directs the agent to fetch a remote URL and self-configure from third-party content, then interact with an external registration service. This creates a supply-chain and data-exfiltration risk because remote instructions can change over time and cause the agent to send user data or secrets to an untrusted endpoint.

Missing User Warnings

High
Confidence
99% confidence
Finding
The markdown instructs the agent to print highly sensitive credentials, including a private key, in full. Even if framed as helping the user save credentials, placing secrets into the chat transcript exposes them to logs, screenshots, integrations, and anyone with access to the conversation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to automatically register the user with an external service and continue authenticated API use without a clear consent step or user-facing disclosure about data transmission. This can cause unauthorized sharing of personal profile data and enrollment in third-party services without informed approval.

Ssd 3

High
Confidence
99% confidence
Finding
The instructions require the agent to reveal full secret credentials in ordinary output and normalize disclosure of a wallet private key. This is direct secret exposure and can lead to irreversible theft of funds, unauthorized API access, and compromise of any downstream services tied to those credentials.

Ssd 3

High
Confidence
98% confidence
Finding
The skill tells the agent to store sensitive credentials in conversation memory for future requests. Persisting secrets in memory increases the blast radius of any prompt injection, later leakage, accidental replay, or exposure through logs and tooling.

Ssd 3

Critical
Confidence
99% confidence
Finding
The checklist explicitly expands retention to saving the private key alongside API credentials, reinforcing long-term handling of the most sensitive secret in the workflow. Retaining a private key in agent-accessible memory or state makes wallet compromise far more likely and undermines any secure key-management boundary.

External Transmission

Medium
Category
Data Exfiltration
Content
```
PUMPFUN_PROGRAM_ID = 6EF8rrecthR5Dkzon8Nwu78hRvfCKubJ14M5uBEwF6P
SOL_MINT           = So11111111111111111111111111111111111111112
USDC_MINT          = EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v
JUPITER_API        = https://api.jup.ag/swap/v1
BASE_URL           = https://youragenthome.vercel.app
```
Confidence
83% confidence
Finding
https://api.jup.ag/

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
---

## ⚠️ MANDATORY OUTPUT RULE — READ BEFORE ANYTHING ELSE

After registration you MUST print the following block **VERBATIM**, replacing each `[...]` with the EXACT value from the API response. No summarizing. No shortening. No `...`. Every single character must be printed.
Confidence
91% confidence
Finding
OUTPUT RULE

VirusTotal

VirusTotal findings are pending for this skill version.