ClawHub

Crypto Cog

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only crypto research helper that relies on CellCog, with privacy and API-key cautions but no evidence of hidden or malicious behavior.

Install only if you are comfortable sending crypto research prompts to CellCog. Avoid sharing wallet addresses, exchange account identifiers, seed phrases, private keys, exact balances, or transaction histories unless truly necessary; use ranges or sample portfolios when possible. Store CELLCOG_API_KEY in an environment variable or secret manager, never in prompts or committed files, and treat the output as research support rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly invites users to submit detailed crypto holdings, total portfolio value, risk tolerance, and time horizon, which are highly sensitive financial data points. In the crypto context this is especially risky because portfolio details can expose users to targeting, deanonymization, phishing, extortion, or wallet-focused social engineering if logged, retained, or sent to third-party services without clear warning.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The setup section instructs users to set a CELLCOG_API_KEY but gives no guidance on secure secret handling. This can lead users to place credentials in shell history, plaintext files, prompts, screenshots, or shared environments, increasing the chance of API key exposure and unauthorized use.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal