moonfun_sdk

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for BSC token creation and trading, but it handles wallet-backed financial actions and sends signed image-generation requests over an unencrypted HTTP endpoint.

Install only with a dedicated low-balance wallet, not a primary wallet. Avoid the default HTTP image endpoint on untrusted networks; configure an HTTPS or self-hosted image API if possible. Treat prompts, images, token metadata, wallet address, and signatures as data shared with external services. Review transactions before calling create_meme, buy_token, or sell_token, and be especially careful with experimental trading because quote failures can submit trades with min_received set to 0.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The documentation makes an absolute assurance that private keys are 'NEVER transmitted' while also describing a remote authentication flow based on signatures derived from that key. Even if the raw key is not sent, signatures are security-sensitive artifacts and the claim can mislead users about what cryptographic material is shared with external services and under what trust model.

Intent-Code Divergence

Low
Confidence
80% confidence
Finding
The skill documents conflicting image API endpoints between the default configuration and hosted-services sections, which can cause users to send prompts, signatures, or requests to an unexpected remote service. In a tool that handles wallet-backed actions, endpoint ambiguity weakens trust and increases the risk of misconfiguration or accidental data disclosure.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The document explicitly lists the Image Generation API endpoint as `http://moonfun.site`, meaning wallet addresses, timestamps, and signatures are sent without transport encryption. Even if private keys are not transmitted, plaintext HTTP enables interception and modification of authentication material and metadata, and the surrounding security language may mislead users into assuming network confidentiality that does not exist.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
This is a true vulnerability because the class documentation explicitly states that the private key never leaves the class, yet the public private_key property returns the raw secret to any caller. Exposing a signing key defeats the main security boundary of the component: any code with an AuthManager reference can exfiltrate the key, impersonate the wallet owner, and produce arbitrary signatures outside the intended API flows.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The sell flow likewise sets min_received to 0 when quote retrieval fails, removing the only on-chain protection against receiving an arbitrarily small amount of BNB. In thin or manipulated markets this can let a sale clear at a catastrophic price, especially under MEV/front-running conditions.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The sell flow likewise sets min_received to 0 when quote retrieval fails, removing the only on-chain protection against receiving an arbitrarily small amount of BNB. In thin or manipulated markets this can let a sale clear at a catastrophic price, especially under MEV/front-running conditions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README presents a quick-start flow that initializes the SDK and creates a token before clearly warning that user prompts, token metadata, and uploaded images may be transmitted to third-party hosted services. In a blockchain and wallet-related SDK, this can mislead users into sharing sensitive or proprietary content under the assumption that only on-chain actions occur, increasing privacy and operational risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The API examples for token creation and trading present one-call methods that trigger real BSC transactions, but they do not clearly foreground that these are irreversible, fee-incurring on-chain actions. In the context of a blockchain SDK that takes a private key and spends BNB, insufficient warning materially increases the chance of accidental financial loss.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The hosted image generation service is described without a clear privacy notice that user prompts and associated request metadata are transmitted to an external service. Because prompts may contain sensitive business ideas or personal content, and requests are tied to wallet-based authentication, the omission creates meaningful privacy and attribution risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README promotes a hosted image generation service as a default without clearly warning that user prompts and generated content are transmitted to a third-party endpoint. In a crypto SDK that also handles wallet operations, users may reasonably assume all processing is local, so this omission can lead to unintended disclosure of sensitive prompts, branding plans, or other proprietary content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented workflow states that the SDK signs messages, uploads images, and creates metadata on external platform services, but it does not provide a prominent upfront warning that wallet addresses, signatures, and token metadata are sent off-device. Even if private keys remain local, exposing signatures and identity-linked blockchain data to remote services can create privacy, tracking, and trust risks, especially in a financial/blockchain context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation discusses authentication, cookies, signatures, and service logging but fails to clearly warn that the image generation endpoint uses plain HTTP. This omission can cause users to trust the channel as secure and send signed requests over an interceptable connection, increasing the risk of replay, tracking, or request tampering.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code constructs, signs, and broadcasts a value-bearing transaction that sends CREATE_FEE_BNB to a contract without any explicit confirmation, disclosure, or policy gate in this layer. In an SDK or agent context, this can cause unintended on-chain spending if called by higher-level automation or untrusted inputs, especially because the transaction is immediately signed with the configured private key and awaited to completion.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
On 422 responses, the client includes the full outbound payload in raised exceptions, exposing the prompt, address, timestamp, and especially the signature. Exception messages are often logged, surfaced to monitoring systems, or shown to upstream callers, creating a sensitive-data leakage path that could aid replay attempts within any validity window, leak user data, and expose authentication material.

VirusTotal

64/64 vendors flagged this skill as clean.
