Crypto Wallets & Payments for AI Agents

Security checks across malware telemetry and agentic risk

Overview

This skill is for crypto payments as advertised, but it gives an external unpinned tool access to wallet private keys and irreversible fund-moving actions.

Install only if you trust the OnlySwaps MCP package and are comfortable with an agent-accessible hot wallet. Use a new low-balance wallet, avoid main wallet private keys, pin and review the MCP package where possible, confirm every recipient, chain, amount, approval, slippage, and referral fee before acting, and revoke token approvals after use.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill asserts that private keys are 'never transmitted,' but its documented usage runs an unpinned external npm package and passes PRIVATE_KEY into that process via environment variables. Even if the key is not sent over the network intentionally, it is still exposed to the spawned server process and could be logged, mishandled, or exfiltrated if the package is compromised or maliciously updated.

Missing User Warnings

Medium
Confidence: 87%
Finding
The quick example for setup_wallet encourages wallet creation without prominently warning that the tool saves the generated private key to a .env file. Storing a hot wallet secret in .env can lead to accidental disclosure through source control, backups, logs, shell history, or other local tooling, especially for users who follow examples verbatim.

VirusTotal

64/64 vendors flagged this skill as clean.