$CLAW Mining - Proof of AI Work

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real CLAW mining skill, but it can automatically use a hot wallet private key to spend gas and call paid third-party APIs.

Review carefully before installing. Use only a dedicated low-balance hot wallet, never a main wallet or seed phrase, inspect and pin the exact code you run, avoid custom AI endpoints unless you trust them, monitor API and gas spending, and run auto mode only when you intentionally want ongoing mining.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill requires a generic AI API key and configurable AI endpoint/model even though the user-facing description frames it as a simple token-mining action. That expands trust assumptions and introduces off-chain third-party data flow and billing risk that a user may not reasonably expect from an Ethereum minting skill.

Context-Inappropriate Capability

Low
Confidence
80% confidence
Finding
A customizable taskPrompt allows arbitrary AI work generation rather than a narrowly bounded mining operation. In context, this broadens the skill's behavior beyond what users are told to expect and could be abused to make the system perform unintended external requests or costly AI tasks in support of 'mining.'

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Allowing arbitrary custom AI API URLs expands the trust boundary far beyond what a token-mining skill needs. A user can be induced to send prompts, API keys, and potentially other sensitive workflow data to an attacker-controlled endpoint, creating a realistic exfiltration and phishing surface.

Intent-Code Divergence

Low
Confidence
78% confidence
Finding
The absolute claim that the private key 'is NEVER sent anywhere' is not justified by this file's broader support for user-defined external services and creates unsafe user trust. Even if this file itself does not transmit the key, such guarantees are dangerous because they can cause users to disclose highly sensitive wallet material with reduced caution.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The invocation phrase "mine CLAW" is overly broad for an agent skill that handles wallet, API, and RPC configuration and may initiate blockchain transactions. A generic phrase increases the chance of accidental activation in normal conversation, which is especially risky in a crypto-mining context where the agent may prompt for secrets or perform costly on-chain actions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase "Help me set up CLAW mining" overlaps with ordinary help-seeking language and does not clearly distinguish between informational assistance and operational execution. In this skill's context, ambiguity is dangerous because setup involves sensitive credentials and can lead to automated mining behavior, API usage charges, and blockchain transactions.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The activation phrase 'mine CLAW' is short and generic enough that it could be triggered during ordinary discussion of mining or token-related topics, especially in an agent ecosystem that auto-routes by natural language. Accidental activation is risky here because the skill can lead users into cloning code, configuring credentials, and ultimately signing Ethereum transactions. The financial and credential-handling context makes accidental invocation more consequential than for a read-only skill.

Vague Triggers

Low
Confidence
91% confidence
Finding
The trigger phrase "Help me set up CLAW mining" is broad and resembles ordinary user conversation rather than a narrowly scoped command. On platforms that activate skills from natural-language matches, this can cause unintended activation of a mining workflow that solicits sensitive configuration data such as API keys and guides the user toward handling a private key for a wallet, increasing the chance of accidental enrollment in a financial operation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly describes an automated flow that reads chain state, calls external AI and oracle services, and submits a mint() transaction on-chain, but it does not clearly warn users that installation/use will trigger blockchain transactions and transmit data to third parties. In an agent-skill context, 'the agent handles everything automatically' increases risk because users may delegate actions without understanding wallet exposure, gas costs, or off-platform data sharing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code directly performs state-changing blockchain transactions via updateSeed() and mint() using a configured wallet, with no confirmation, approval gate, or explicit user-facing warning in this layer. In the context of an auto-executing mining skill that advertises 'the agent handles everything automatically,' this increases the risk of unintended on-chain actions, gas expenditure, and signing behavior occurring without informed user consent.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The code requires an AI_API_KEY without any indication in this module that users will need to supply credentials for a third-party AI service. While not an exploit by itself, this is a real security transparency issue because users may unknowingly grant external-service access and incur charges outside the advertised Ethereum workflow.

External Transmission

Medium
Category
Data Exfiltration
Content
|----------|-------------|---------|
| `PRIVATE_KEY` | Miner wallet private key | (required) |
| `AI_API_KEY` | OpenAI-compatible API key | (required) |
| `AI_API_URL` | Chat completions endpoint | `https://api.x.ai/v1/chat/completions` |
| `AI_MODEL` | Model name (must match on-chain Era model) | `grok-4.1-fast` |
| `ORACLE_URL` | Oracle server URL | `http://localhost:3000` |
| `RPC_URL` | Ethereum RPC URL | (required) |
Confidence
81% confidence
Finding
https://api.x.ai/

VirusTotal

66/66 vendors flagged this skill as clean.
