Torch Market

Security checks across malware telemetry and agentic risk

Overview

The skill is a clearly disclosed Solana DeFi SDK with high-impact trading and vault actions, but the artifacts align with that purpose and show no hidden exfiltration or destructive behavior.

Install only if you are comfortable with Solana DeFi risk. Prefer read-only mode unless you need transactions, use a fresh low-balance controller key if automation is required, never provide a vault authority private key, and inspect wallet prompts for buys, sells, borrows, withdrawals, and authority transfers. Expect some token-detail and reputation features to contact SAID, CoinGecko, or token metadata URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill is presented primarily as a margin-market tool, but the documented behavior includes materially broader capabilities: token creation, vault authority operations, withdrawals, wallet linking, treasury cranks, rewards claiming, token reclamation, and external HTTP lookups. This broader operational surface increases the chance that an agent or user invokes high-risk state-changing actions without understanding them, especially because some functions can move funds, alter authority relationships, or rely on off-chain services despite the marketing language emphasizing a simpler on-chain-only model.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code transmits a wallet address to a third-party SAID Protocol endpoint without any visible consent, disclosure, or privacy controls. Wallet addresses are persistent identifiers that can be linked to on-chain activity, so sending them off-platform can expose users to profiling and privacy risk even if no secret key material is involved.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The code fetches token metadata from an arbitrary URI stored on-chain, which causes the client to make outbound requests to attacker-controlled endpoints. This leaks the user's IP/network identity and can also enable tracking or delivery of oversized/malformed responses because no allowlist, content validation, or user disclosure is present.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The function performs an undisclosed request to CoinGecko whenever token details are fetched. This creates unnecessary third-party data exposure about user activity and can break privacy expectations in a supposedly read-only on-chain query path.

VirusTotal

65/65 vendors flagged this skill as clean.
