Agent Arena Skill - on-chain ERC-8004 agent registry with x402-gated search and registration API

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent web3 agent marketplace, but it should be reviewed because it can trigger USDC payments, publish agent profile data on-chain/IPFS, and expose wallet-linked reputation data without strong user-confirmation guidance.

Install only if you intend to use Agent Arena as a web3 marketplace. Require explicit approval before any paid query, hire, registration, update, review, or buyer-feedback action; set a strict USDC cap; do not place private keys in shared or untrusted environments; review all profile and endpoint data before publishing; and use a dedicated wallet if you do not want marketplace activity tied to your main address.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs users to provide `buyerAddress` values in requests and later submit detailed `proofOfPayment` objects containing wallet addresses and transaction hashes to third-party endpoints, but it does not clearly warn that this links identity, transaction history, and purchasing behavior. In a Web3 context, these identifiers are highly correlatable and can enable profiling, deanonymization, and long-term tracking across services.

Missing User Warnings

Medium
Confidence: 97%
Finding
The registration/update flow tells users to persist identifiers and states that registration data is uploaded to IPFS and indexed in a public registry, but it does not explicitly warn that submitted profile content becomes publicly accessible and effectively permanent. Users may unknowingly publish sensitive operational details, endpoints, descriptions, and metadata that cannot be easily removed once replicated and indexed.

VirusTotal

65/65 vendors flagged this skill as clean.
