Kaspa Wallet

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Kaspa wallet skill, but it needs review because it can spend cryptocurrency with wallet secrets and has a higher-risk installer.

Review carefully before installing. Use a testnet or low-balance wallet first, and do not place a main wallet seed phrase or private key in a shared agent environment. Manually verify recipient, amount, fee, and network before every send. Before using real funds, consider pinning and reviewing the dependency and disabling the get-pip fallback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The installer performs multiple environment-altering actions beyond a narrowly scoped wallet runtime, including creating virtual environments, upgrading pip, falling back to user-wide package installation, and modifying package caches. While typical for installers, this broadens the trust boundary and can affect the host Python environment in ways users may not expect from a simple wallet skill.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code downloads and executes get-pip.py from the network at install time, which is equivalent to remote code execution within the user's environment. Even if the source is the official PyPA bootstrap URL, this creates a large supply-chain and trust risk, especially for a self-custody wallet where installation integrity is security-critical.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to export a private key or mnemonic and perform sends, but it does not warn that these are highly sensitive secrets or that blockchain transfers are typically irreversible. In an automation-focused wallet skill, missing operational safety guidance increases the chance that users or agents expose credentials in shell history/logs or send funds without adequate confirmation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The send workflow documents commands that perform real blockchain transfers, including a `max` option, but does not prominently warn that these actions are irreversible and may drain the full wallet balance. In an agent-friendly automation context, lack of such warnings increases the chance of accidental or unsafe execution with immediate financial loss.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documented mnemonic-generation command outputs the full recovery phrase in JSON without an accompanying warning about secrecy, one-time display, or secure backup handling. Mnemonics are equivalent to wallet ownership, so exposing them in terminal history, logs, agent transcripts, or downstream automation can directly lead to theft of funds.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The installer silently executes a remotely downloaded bootstrap script without an explicit warning or consent prompt. For wallet software, undisclosed remote code execution during installation is especially risky because users may assume the installer only fetches Python packages, not arbitrary executable bootstrap code.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The send command signs and submits blockchain transactions immediately once invoked, with no confirmation prompt, dry-run safeguard, or explicit review step. In an agent/automation context, this is dangerous because a mistaken argument, prompt injection, or malicious upstream instruction can irreversibly transfer funds without human approval.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script loads highly sensitive wallet secrets directly from environment variables and is designed for automation, but provides no warnings or guardrails about secret exposure through process environments, logs, shell history, or orchestration platforms. In agent-based deployments, this increases the chance that long-lived wallet credentials are broadly accessible to other tools or misconfigured execution environments.

Unpinned Dependencies

Low
Category
Supply Chain
Content
kaspa
Confidence
97% confidence
Finding
kaspa

VirusTotal

65/65 vendors flagged this skill as clean.
