ClawHub

Kite Agent Smart Wallet V3

Security checks across malware telemetry and agentic risk

Overview

This wallet skill does what it says, but it gives chat commands powerful wallet authority with weak scoping and disclosure.

Review before installing. Use only a testnet or low-value wallet key, restrict who can issue `/kite` commands, and avoid adding session keys unless you understand that they may grant broad wallet control. The main concern is under-scoped financial authority, not hidden malware.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The `/kite send` path validates and spends `wallet.address`, which is the globally configured signer wallet, not a per-user wallet derived from `userId`. Any caller able to invoke this command can trigger transfers from the main signer balance, creating a direct unauthorized-drain risk rather than operating within the intended user wallet boundary.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
`addSessionKey` is called with `['0x00000000']`, which the code comments interpret as allowing all functions. This grants a session key far broader authority than a user would expect from a generic 'add authorization' command, potentially enabling full wallet control or destructive administrative actions within the session limit.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README documents wallet creation, balance checks, sending funds, and session/limit management through Telegram, but it provides no warning about irreversible transactions, financial risk, address verification, or private-key/session security. In a wallet-control skill, this omission can lead users to execute sensitive actions casually or misunderstand the consequences, increasing the chance of fund loss or abuse.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill exposes wallet creation, fund transfers, session-key authorization, and spending-limit management through simple chat commands, but provides no warnings, confirmation guidance, or explanation that these actions can be irreversible and security-sensitive. In this context, users may trigger real on-chain operations or delegate spending authority without understanding the risk, increasing the chance of loss through mistakes, phishing, or misuse of Telegram/OpenClaw access.

Missing User Warnings

High
Confidence
90% confidence
Finding
The skill exposes on-chain actions like wallet creation, transfers, session-key management, and limit updates as one-step commands with immediate execution. Because blockchain operations are irreversible and can affect real funds or permissions, the absence of a confirmation/review step materially increases the chance of accidental or socially engineered loss.

Missing User Warnings

High
Confidence
96% confidence
Finding
When adding a session key, the response does not disclose that the granted permissions are broad; instead, the transaction is submitted immediately. In this skill's context, hidden overbroad authorization is especially dangerous because it can silently delegate powerful wallet capabilities to another address.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal