NexusWeb3 Utility Infrastructure

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill is not malware, but it needs review because it says it is read-only while giving actionable examples for fee-bearing blockchain transactions.

Install only if you want a NexusWeb3 protocol reference and will treat transaction examples as documentation, not permission to transact. Do not connect a signing wallet or approve ETH, USDC, or NEXUS operations from this skill without independently verifying the contract, amount, recipient, fee, lock period, and permanence of any on-chain data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High (98% confidence)
Finding
The skill markets itself as a read-only API reference, but extensively documents fee-bearing, state-changing contract calls such as scheduling tasks, voting, messaging, staking, auctions, and split payments. This mismatch can mislead users or downstream agents into believing operations are non-destructive and safe, increasing the likelihood of unintended transactions, fund movement, and irreversible on-chain actions.

Intent-Code Divergence

High (97% confidence)
Finding
The file explicitly says write operations belong in a different skill, then immediately provides detailed instructions for those same write operations. That contradiction undermines safety boundaries between skills and can cause an agent or user to ignore intended controls, especially if tooling routes requests based on the 'read-only' description.

Missing User Warnings

Medium (93% confidence)
Finding
The storage section encourages persistent on-chain key-value storage and access sharing, including language about reading 'private keys,' without warning that blockchain storage is fundamentally inappropriate for secrets. Users may store sensitive material or broadly grant access under the mistaken belief that access control makes on-chain secrets safe, leading to credential exposure or long-term data leakage.

Missing User Warnings

Medium (95% confidence)
Finding
The messaging section describes a permanent on-chain inbox but does not warn that message contents are immutable, public or broadly observable, and unsuitable for sensitive information. Users may send operational details, credentials, business data, or personal information that cannot be retracted once published on-chain.

VirusTotal

66/66 vendors flagged this skill as clean.
