ClawHub

Ape.Store Token Create

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built to deploy real Base-network tokens, but it asks for a raw wallet private key and can send irreversible transactions without a clear confirmation step.

Install only with a dedicated low-value wallet, not a main wallet. Treat every invocation as a real public Base-chain deployment that can spend gas and be irreversible, verify the installed entrypoint and contract/API details, and only provide image files intended for upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

High
Confidence
97% confidence
Finding
The installation guide instructs the user to place a wallet private key directly into configuration, which normalizes unsafe secret handling and increases the chance of key exposure through files, logs, backups, source control, or other local compromise. In the context of a skill that performs blockchain transactions, compromise of that key can lead directly to unauthorized transfers, token operations, and total wallet loss.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The usage instructions tell the user to trigger token creation but do not clearly warn at the point of use that this performs live on-chain transactions and will spend funds for gas. Because this is an agent skill that may abstract away transaction details, missing warnings can cause users to initiate irreversible blockchain actions without fully understanding the financial consequences.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to execute a bash command that deploys a real token on a live blockchain, which is an irreversible external action with financial, legal, and reputational consequences. It provides no required confirmation, risk disclosure, dry-run mode, environment restriction, or transaction review step before execution, making accidental or prompt-induced deployment significantly more likely.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manifest explicitly defines a `privateKey` configuration field, which encourages users to supply highly sensitive wallet credentials to the skill. In a blockchain token-creation context, compromising or mishandling that key could let an attacker drain funds, deploy unauthorized contracts, or impersonate the user on the BASE network; the absence of any warning or safer alternative increases the risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill directly accepts a raw private key and immediately constructs a signing wallet from it, which encourages unsafe secret handling in application inputs and runtime memory. In an agent/skill context, this is risky because users may paste sensitive credentials into an environment that may log, persist, or expose them through surrounding tooling, even if this file itself does not explicitly exfiltrate the key.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill sends user-supplied token metadata and optionally a local file specified by imagePath to a third-party API, which creates an external data transmission boundary. This is dangerous because local file contents may be uploaded off-system without clear disclosure, and the path is user-controlled, so users could inadvertently transmit sensitive local files rather than just intended image assets.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill submits a live blockchain transaction that deploys a token contract, which is a state-changing and potentially irreversible financial operation. In an agent setting, the lack of an explicit confirmation step, transaction preview, network verification, and cost disclosure materially increases the chance of accidental deployment, wasted funds, or unintended on-chain activity.

Missing User Warnings

High
Confidence
96% confidence
Finding
The manifest explicitly defines a `privateKey` configuration field, which encourages operators to supply a raw blockchain private key directly to the skill. This creates a high-risk secret-handling pattern because private keys grant full control over on-chain assets and transactions, and the manifest provides no warning, secure storage guidance, or safer alternative such as wallet delegation or signing via a secure provider.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal