Verified Agent Nifey

Security checks across malware telemetry and agentic risk

Overview

This identity skill fits its stated purpose, but it needs review because it can store long-lived private identity keys in plaintext by default.

Install only if you are comfortable creating persistent agent identity keys on this machine. Set BILLIONS_NETWORK_MASTER_KMS_KEY before creating or importing any identity, avoid using valuable wallet private keys, do not pass secrets through command-line arguments, and only sign or link challenges you intentionally trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill declares only a binary requirement and optional environment variable, but its documented behavior clearly depends on network access and sensitive environment-backed key handling. Missing explicit permission declarations weakens sandboxing and review controls, making it easier for an agent to use network and secret-dependent capabilities without transparent user approval.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The list() method returns every stored private key in raw form, not just metadata such as aliases. That creates a broad secret-exfiltration surface: any caller with access to this API can enumerate and recover all keys at once, which is far more dangerous than a narrowly scoped get-by-alias operation and exceeds what is typically needed for identity verification workflows.

Missing User Warnings

Medium
Confidence: 97%
Finding
The README explicitly instructs users to pass an Ethereum private key via a command-line argument, which can expose the secret through shell history, process listings, audit logs, and CI job output. In a skill centered on identity and key management, this is especially risky because compromise of the private key directly enables identity takeover and fraudulent proof generation.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill states that kms.json may contain private keys in plaintext when BILLIONS_NETWORK_MASTER_KMS_KEY is not set, yet it does not present a strong warning or fail-closed behavior before identity creation and linking flows. Storing long-lived identity keys unencrypted on disk materially increases the chance of account takeover and identity theft if the host, user account, backups, or logs are exposed.

Missing User Warnings

High
Confidence: 99%
Finding
If no master key is configured, _encodeEntry() writes private keys directly to disk in plaintext. For a component handling agent identity credentials, this is highly dangerous because compromise of the file system, backups, logs, or developer workstations would immediately expose signing keys and allow impersonation, fraudulent attestations, or persistent account takeover.

VirusTotal

65/65 vendors flagged this skill as clean.
