ClawHub

b402 Private DeFi

Security checks across malware telemetry and agentic risk

Overview

This skill matches its private DeFi purpose, but it gives an agent authority over real crypto funds with limited safety boundaries documented.

Review carefully before installing. Use only a dedicated wallet with limited funds, do not provide a main-wallet private key, inspect or pin the npm package before running it, verify Claude Desktop config changes, and require manual confirmation for every transaction, bridge, vault deposit, and destination address.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The install instructions state that running the command generates a wallet file and patches the user's Claude Desktop configuration, but this side effect is not presented as an explicit warning or consent boundary. In a security-sensitive skill that handles private keys and funds, silent wallet creation and config mutation can surprise users, expand attack surface, and lead to unintended credential or configuration changes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The tool list and examples normalize powerful financial actions—swaps, bridging, private transfers, and vault deposits—without a clear, consolidated risk warning that these operations can move funds across chains, change asset exposure, incur protocol/bridge risk, and be difficult to reverse. Because this skill is specifically designed for private, cross-chain DeFi execution, missing warnings materially increases the chance of accidental or poorly understood fund movement.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal