Nara

Security checks across malware telemetry and agentic risk

Overview

This Nara crypto CLI skill is mostly coherent and disclosed, but it gives an agent too much latitude to enter wallet and on-chain mining workflows from broad triggers and to submit quest or staking actions without fresh confirmation.

Review before installing. Use a dedicated low-value wallet, verify the naracli npm package and source yourself, never paste wallet secrets into chat, and require explicit approval for every transaction-like action, especially quest submissions, staking, unstaking, transfers, uploads, skill installs, and agent registration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 94%
Finding:
The trigger list includes very broad terms such as "wallet," "balance," "transfer," "agent," "faucet," and "deposit/withdraw," which are common in many benign conversations and could cause unintended activation of this skill. Because the skill can lead into package installation, wallet creation, on-chain actions, and quest workflows, accidental invocation increases the chance of users being steered into sensitive operations they did not explicitly request.

Vague Triggers

Severity: Medium
Confidence: 96%
Finding:
The workflow says that broad phrases like "airdrop," "claim NARA," "earn NARA," "mining," and "faucet" should all map to the PoMI quest system, which can over-match normal user intent and automatically funnel conversations into a crypto-reward workflow. In context, this is more dangerous because the subsequent steps involve wallet checks, agent registration, Twitter binding, staking decisions, and transaction submission guidance.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
- When running wallet create/import commands, do NOT capture or parse CLI stdout/stderr — only confirm success or report the error message. The CLI writes key material directly to a file, never to stdout
- Only use default RPC/relay endpoints (shown in `npx naracli quest answer --help`); warn if the user provides a custom URL

**Safe to run without confirmation:**
- Read-only queries (address, balance, quest get, skills get, agent get, config get, zkid info, tx-status)
- Quest answer submission (after user has explicitly requested mining/quest workflow)
- Staking/unstaking as part of an approved quest workflow
Confidence: 89%
Finding:
without confirmation

VirusTotal

65/65 vendors flagged this skill as clean.
