Mrxlolcat Agent

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not clearly malicious, but it asks for broad Web3, Farcaster posting, and long-term memory authority without enough user control or privacy detail.

Review carefully before installing. Use it only with explicit previews and confirmations for every wallet action, fee, recipient, Farcaster post, attachment, and transaction link. Avoid enabling long-term memory or remote service access unless you are comfortable with wallet and Farcaster activity being stored or processed by the publisher's services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The skill advertises a text-to-speech 'Voice Casts' capability through an ElevenLabs bridge, but that capability is not reflected in the manifest's allowed tools. This creates an instruction/permission mismatch that can mislead an orchestrator or reviewer about what the skill may attempt to do, increasing the chance of undeclared external actions or policy bypass through Fetch-based calls.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The manifest allows only Fetch, yet the instructions tell the agent to use a separate `publishCast` tool. This is a direct capability mismatch that can lead to unauthorized posting logic being invoked through undeclared pathways, or encourage the agent to improvise equivalent network actions via Fetch to perform social publishing without explicit approval.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill advertises long-term memory in Pinecone but provides no notice about what user data is stored, how long it is retained, or how users can opt out or delete it. Because this agent targets Farcaster users and recurring identity-linked interactions, silent persistence can expose behavioral history, wallet-associated context, or personal data beyond user expectations.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill advertises long-term memory in Pinecone but provides no notice about what user data is stored, how long it is retained, or how users can opt out or delete it. Because this agent targets Farcaster users and recurring identity-linked interactions, silent persistence can expose behavioral history, wallet-associated context, or personal data beyond user expectations.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill explicitly states that it 'automatically applies a 0.1% platform fee' but does not require a clear user-facing disclosure before directing the user toward execution. In a financial bridging context, hidden or insufficiently disclosed fees can mislead users into authorizing transactions under incomplete cost information, which is especially risky because the skill is designed to steer real on-chain actions.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill instructs the agent to request a transaction hash 'for archival in Pinecone memory' without any privacy notice, retention explanation, or consent step. Transaction hashes can be linked to wallet activity and broader on-chain identity, so storing them in long-term memory may expose sensitive behavioral and financial metadata beyond what users reasonably expect.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The trigger description is broad enough that the skill may activate for loosely related social requests, increasing the risk of unintended invocation. In a skill that can draft or publish public content, overbroad routing can cause accidental social actions, confusion about user intent, or execution in contexts where explicit consent was not given.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill describes automated social publishing behavior without warning the user that content may be posted publicly or attributed to their Farcaster identity. In a social-posting context, this makes the issue more dangerous because automated casts can create reputational harm, leak transaction context, or publish unwanted content without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.
