Kite Agent Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a coherent wallet protocol skill, but it documents real on-chain wallet delegation and transaction execution without enough safety guidance or contract provenance.

Install only if you understand the on-chain wallet risk. Start on testnet, independently verify the Kite chain ID, RPC endpoints, contract source, ownership, and addresses, use isolated wallets with minimal funds, set narrow function allowlists and low spending limits, and require explicit approval before creating wallets, granting session keys, or executing transactions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 92% confidence
Finding
The quick-start shows state-changing wallet creation and session-key authorization calls without any warning that these actions can deploy contracts, grant spending authority, and incur on-chain costs. In the context of an agent wallet protocol, readers may copy-paste these examples and unintentionally authorize powerful session keys or create wallets with unsafe defaults, which increases the chance of financial loss or overbroad delegation.

Missing User Warnings

Medium, 91% confidence
Finding
The usage examples show contract deployment, wallet creation, session-key addition, and delegated execution against live testnet/mainnet endpoints without any warning that these actions are on-chain, may spend funds, or may grant persistent authority. In an agent-skill context, examples are often copied verbatim or automated, so omission of explicit safety guidance can lead users or agents to authorize keys, set unsafe limits, or broadcast transactions unintentionally.

VirusTotal

66/66 vendors flagged this skill as clean.
