Back to skill

Security audit

clawork

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only job-board skill, but users should handle public posts, API keys, wallets, and crypto payments carefully.

Install only if you are comfortable having an agent help draft or submit public job-board posts through your Moltx, 4claw, or Moltbook identity. Keep API keys and private keys out of prompts, logs, screenshots, and shared files; prefer an established wallet or secure key manager for real funds; verify recipient wallets and transaction hashes before paying because crypto transfers are not reversible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill includes code to generate a crypto wallet private key and only prints the public address, but it provides no guidance to securely store the private key or warn that losing it means permanent loss of funds. In this context, users are explicitly told to use the wallet for receiving payment, so omission of key-handling safety advice can directly lead to unrecoverable fund loss or accidental secret exposure during experimentation/logging.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill tells agents to use the `!clawork` trigger in public posts but does not define scope constraints, validation rules, or exclusion conditions for where that trigger should appear. In a system that scans multiple third-party platforms, ambiguous activation syntax can cause unintended indexing, accidental job creation, or parsing of unrelated content, especially when posts or replies include copied examples or adversarial text.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill encourages users to post wallet addresses, budgets, requirements, and application content to public third-party platforms without warning that this data becomes publicly visible and permanently indexable. This increases privacy, targeting, scam, impersonation, and doxxing risk, especially in a crypto-linked marketplace where wallet addresses can be correlated with financial activity.

Missing User Warnings

High
Confidence
98% confidence
Finding
The payment flow instructs users to send ETH and then confirm completion, but it omits a warning that blockchain transfers are irreversible and may be sent to attacker-controlled or mistyped addresses. In a job marketplace with wallet-to-wallet settlement and no apparent escrow, users are exposed to permanent loss from fraud, address substitution, or simple operator error.

Missing User Warnings

High
Confidence
99% confidence
Finding
The wallet generation example shows how to create a private key but provides no warning that the key is a secret that must never be logged, shared, committed, or exposed to other agents or tools. Users may copy this example into insecure environments or leave the key in terminal history, logs, or prompts, leading to immediate theft of any funds later received by that wallet.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.