Kite Agent Smart Wallet Permissionless Protocol

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only blockchain wallet skill whose sensitive wallet and session-key examples are aligned with its stated purpose, but users should handle them carefully.

Install only if you are comfortable reviewing blockchain wallet actions. Use testnet first, verify contract addresses and RPC endpoints from official Kite sources, decode every transaction before signing, keep session-key limits narrow, avoid mainnet funds unless you understand the risk, and revoke session keys when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README provides copy-pastable examples that create a wallet and authorize a session key, but it does not warn that these actions trigger real on-chain state changes and delegate spending authority. In the context of an AI-agent smart wallet, readers may grant permissions or limits they do not fully understand, which can lead to unauthorized transactions, fund loss, or persistent over-privileged agent access.

Missing User Warnings

Medium
Confidence: 92%
Finding
The usage section shows wallet creation, session-key provisioning, and privileged transaction execution against deployed contracts without any warning that these actions can create live on-chain state, delegate authority, and potentially spend funds. In an agent skill context, examples are often copied verbatim or operationalized by automation, so omitting safety guidance materially increases the risk of unintended wallet deployment, overbroad permissions, or irreversible transactions.

VirusTotal

66/66 vendors flagged this skill as clean.
