ClawHub

Senddy

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Senddy wallet guide, but its examples under-protect real-money wallet operations and seed storage.

Review carefully before using with real funds. Treat the examples as development sketches, not production-safe wallet infrastructure: use a low-balance dedicated wallet, store seeds in a real secret manager or encrypted key store, review and pin @senddy/node, and do not run the daemon unchanged. Add authentication, explicit approvals, spend limits, recipient allowlists, logging, and clear withdrawal warnings before allowing an agent or local process to transfer or withdraw USDC.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The example claims to save the seed to an encrypted file, but it actually writes plaintext hex to disk with restrictive file permissions only. That mismatch is dangerous because developers may rely on the comment and store wallet seed material unencrypted, allowing full wallet compromise if the host, backups, logs, or filesystem are exposed.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill demonstrates direct fund-moving operations (`transfer`, `withdraw`) immediately after balance checks without any warning about irreversible effects, recipient verification, amount validation, or confirmation UX. In an agent-skill context, users may copy this pattern into autonomous or semi-autonomous systems, increasing the chance of accidental or unauthorized transfers.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation tells users to set `SENDDY_API_KEY` in the environment and elsewhere uses raw seed material (`AGENT_SEED_HEX`) but does not clearly emphasize that the seed controls the wallet and that leakage of either secret can enable unauthorized wallet operations or service abuse. Because this skill is for payment agents and server-side apps, insufficient secret-handling guidance materially raises the risk of credential exposure through logs, process listings, shell history, or source control.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The manifest explicitly promotes seed-based key management, gas-sponsored transactions, and headless wallet operation for private USDC transfers, but provides no warning that the skill will handle highly sensitive wallet secrets or initiate real financial transactions. In an agent context, this omission can lead operators to expose seed material to automation pipelines or permit unattended transfers without understanding the security and custody risks.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The examples expose transfer and withdrawal capabilities in an agent-oriented daemon without an explicit warning that these operations move irreversible funds. In the context of payment agents and bots, omission of safety guidance can lead to accidental transfers, misuse by connected tooling, or production deployment without approval controls.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The seed-management example writes highly sensitive wallet seed material to disk while the surrounding guidance does not clearly emphasize that the shown code stores plaintext secrets. Because the seed controls private stablecoin wallets, disclosure enables total loss of funds and persistent compromise across derived wallets.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal