Abstract Onboard

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Abstract blockchain toolkit, but it can move real funds and includes unsafe defaults that need human review before use.

Review the exact scripts you plan to run before installing. Use only a dedicated low-balance wallet, avoid pasting a primary private key into shared shells or logs, verify every recipient, spender, contract, route, chain, market, and amount, and avoid the full-balance bridge and zero-minimum-output swap scripts with meaningful funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill exposes capabilities that clearly require sensitive resources like environment variables and outbound network access, yet it declares no permissions. In this context, the skill is designed to handle private keys, bridge assets, trade, deploy contracts, and call arbitrary contracts, so hidden or undeclared access materially increases the risk of silent fund movement, secret use, and unintended external interactions.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The script parses a user-provided slippage value but then hard-codes amountOutMinimum to 0, disabling slippage protection entirely. This allows swaps to execute at any output amount, exposing users to severe sandwich attacks, MEV exploitation, and catastrophic price impact on illiquid pools.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description is overly broad and overlaps with many generic blockchain tasks, making it likely to be invoked in situations beyond the user's specific intent. Because this skill includes high-risk operations such as deploying contracts, bridging, swapping, transferring assets, and arbitrary contract calls, ambiguous invocation boundaries can cause an agent to select it when a narrower, safer tool should have been used.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Claiming the skill provides 'everything an AI agent needs to operate on Abstract' encourages catch-all selection and weakens routing boundaries. In a financial and smart-contract context, such broad framing is especially dangerous because the skill contains arbitrary contract interaction and value-moving workflows that should only be used under precise, user-confirmed conditions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to export a raw private key into an environment variable and run a script, but it does not pair that guidance with explicit secret-handling precautions. In an agent skill that may be automated, logged, or run in shared shells/CI, this increases the chance of accidental key exposure through shell history, process inspection, logs, or misconfigured environments, which could lead to wallet compromise and theft of on-chain assets.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document instructs users to export a raw wallet private key into an environment variable and run scripts against mainnet without any warning about secure key handling. While this is a common developer pattern, omitting guidance on safer alternatives and operational precautions increases the chance of key leakage through shell history, logs, misconfigured environments, or reuse of a high-value key in automation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document provides concrete instructions and code for buying, selling, and claiming winnings on a real-money prediction market, but it does not include an explicit warning that these actions can move funds, incur slippage/fees, and are generally irreversible once submitted on-chain. In an agent-skill context, this omission is risky because an automated system may execute transactions directly from the documentation, increasing the chance of unintended financial loss or user harm.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This script performs a live, irreversible on-chain swap while silently using amountOutMinimum = 0, without any explicit warning that the trade has no effective price protection. In a trading skill context, that makes the issue more dangerous because agents or users may reasonably assume the provided slippage argument is honored and proceed with real funds at extreme execution risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script loads a live private key and immediately makes an external quote request using the wallet address without any user consent, confirmation, or disclosure. In an agent-skill context, this is dangerous because an automated agent could silently expose account metadata to a third party and proceed toward fund movement based on remote responses.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script bridges essentially the entire USDC balance and executes transaction steps returned by a remote API without any approval screen, transaction preview, or human confirmation. Because bridging is irreversible and the API controls the transaction payloads, an automated run could move funds unexpectedly or to attacker-influenced calldata if the upstream service were compromised or misused.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script can submit an unlimited ERC-20 approval and then immediately execute a buy transaction without any interactive confirmation or dry-run safety gate. In the context of an agent skill for live on-chain trading on Abstract mainnet, this is especially dangerous because malformed CLI input, bad market metadata, or unintended autonomous invocation can cause irreversible fund loss and leave a standing unlimited allowance that increases blast radius if the spender contract is compromised or misused.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup guide instructs users to export a raw private key into an environment variable without any warning about secret handling, shell history exposure, process inspection, or safer alternatives. In the context of a blockchain agent skill that will control funds and deploy contracts, normalizing direct private-key handling materially increases the chance of credential compromise and asset theft.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script performs an unlimited ERC-20 approval and then executes a live swap on mainnet with no confirmation gate, dry-run mode, slippage protection, or validation of the target pool parameters. In an agent skill context, this is especially dangerous because an automated system could trigger irreversible financial transactions and expose the wallet to ongoing spend risk from the MaxUint256 approval if the router is wrong, upgraded maliciously, or later compromised.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script performs two irreversible on-chain write actions automatically: an unlimited token approval and a swap, with no interactive confirmation, simulation gate, or explicit dry-run mode. In the context of an agent skill meant to trade and move assets on mainnet, this is dangerous because a mistaken invocation, bad routing assumption, compromised dependency, or manipulated parameters can immediately authorize broad token spending and execute value-moving transactions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script signs and submits live approval and swap transactions immediately after parsing CLI arguments, with no explicit user confirmation, dry-run mode, or secondary validation of the resolved token/router parameters. In a skill intended for autonomous agent use on mainnet, this increases the risk of accidental or prompt-induced irreversible asset movement, especially because approvals and swaps cannot be rolled back once mined.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This script performs an immediate on-chain transfer using a locally supplied private key as soon as CLI arguments are parsed, with no confirmation prompt, no dry-run mode, and no destination/amount validation beyond presence checks. Because blockchain transfers are irreversible, any operator error, prompt-injection-driven misuse by an agent, or malformed input can directly cause permanent loss of ETH or tokens; in this skill context, that risk is elevated because the tool is explicitly designed for autonomous asset movement on mainnet.

VirusTotal

66/66 vendors flagged this skill as clean.
