ClawHub

kaspa-wallet

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Kaspa wallet skill, but it can use wallet secrets to send funds immediately, so it needs review before use.

Review carefully before installing. Use testnet or a low-balance wallet first, avoid placing production private keys or mnemonics in shared shells or agent sessions, review or pin the `kaspa` dependency, and require your own explicit human confirmation before any `send`, `max`, or consolidation command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill requires access to sensitive environment variables and shell execution to handle private keys, mnemonics, installation, and transaction commands, but it declares no permissions. In an agent setting, this under-disclosure is dangerous because reviewers and users may not realize the skill can read wallet secrets and execute commands that move funds.

Intent-Code Divergence

Low
Confidence
77% confidence
Finding
The security note claims credentials are not stored on disk, yet the setup guidance tells users to place private keys or mnemonics in environment variables, which are commonly persisted in shell startup files or exposed to other local processes. For a cryptocurrency wallet, misleading handling guidance for seed material increases the risk of credential leakage and wallet compromise.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to send cryptocurrency and generate wallet secrets but does not clearly warn that blockchain transactions are irreversible or that private keys and mnemonic phrases are highly sensitive credentials. In a wallet skill, missing these warnings can lead users or agents to expose secrets in logs/environment history or send funds without understanding that mistakes cannot be undone.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents fund transfers without an explicit warning that blockchain transactions are irreversible, may incur fees, and can permanently lose funds if the recipient address or network is wrong. In a wallet context, omission of these warnings materially increases the chance of harmful user error during high-risk operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow instructs users to send their full balance to themselves to consolidate UTXOs but does not clearly warn that this still creates an on-chain transaction, consumes fees, and can fail or misdirect funds if the address or network is incorrect. Because it tells users to move their entire balance, the consequence of misunderstanding is especially severe in a cryptocurrency wallet.

Missing User Warnings

Medium
Confidence
71% confidence
Finding
The skill automatically consumes highly sensitive wallet secrets from environment variables, which is risky in agent/tooling environments where users may not realize the skill can access preloaded credentials. In a cryptocurrency wallet context, silent access to mnemonic or private key material can directly enable unauthorized signing and fund transfer if the skill is invoked unexpectedly or by a compromised workflow.

Missing User Warnings

High
Confidence
94% confidence
Finding
The send command signs and broadcasts blockchain transactions immediately with no confirmation step, dry-run default, recipient echo-back check, or irreversible-action warning. In an agent setting, this is especially dangerous because prompt mistakes, tool misuse, or malicious instruction injection can trigger permanent transfer of cryptocurrency with no recovery path.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal