ClawHub

Web3 Yield Automator PRO

Security checks across malware telemetry and agentic risk

Overview

This paid crypto automation skill should go to Review because it claims autonomous fund-moving DeFi automation but ships a local-configuration stub with unclear wallet and transaction safeguards.

Treat this as a high-risk crypto-finance tool. Do not connect funded wallets, provide seed phrases or private keys, grant token approvals, or pay for premium access unless the publisher provides a real implementation, verified package provenance, risk disclosures, transaction previews, spending limits, and an explicit dry-run/read-only mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill markets itself as an automated multi-chain DeFi yield farming tool, but the implementation only reads and writes local configuration and prints promotional placeholder text. In a financial/Web3 context, this mismatch is dangerous because users may rely on false capabilities, make trust decisions based on misleading claims, or pay for nonexistent functionality.

Missing User Warnings

High
Confidence
93% confidence
Finding
The skill advertises 'ZERO manual intervention,' cross-chain fund movement, rebalancing, and smart-contract execution without any visible warning about financial loss, smart-contract risk, approval scope, bridge risk, liquidation/slashing risk, or transaction signing. In a DeFi automation context, omission of these warnings is dangerous because users may enable live wallet-affecting automation while underestimating that the skill could move or lock real assets across multiple protocols and chains.

Missing User Warnings

High
Confidence
96% confidence
Finding
The setup flow says initialization is in 'read-only mode' but then immediately instructs the user to 'start automation' across chains without warning that subsequent steps may trigger live portfolio management or transaction requests. That transition is especially risky because users may infer the workflow remains non-destructive, when in reality DeFi automation can cause real on-chain approvals, swaps, deposits, withdrawals, and bridge operations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal