Local Wallet Standard

Security checks across malware telemetry and agentic risk

Overview

This wallet-signing skill appears purpose-aligned, but its installer and seed phrase handling are risky enough to require review before use.

Review carefully before installing. Avoid the one-line installer unless you inspect and pin the source first. Do not pass real funded-wallet seed phrases as command-line arguments; use test wallets or a signer that accepts secrets through a safer prompt, stdin, keychain, or hardware wallet workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The metadata and top-level description understate the skill's actual behavior: the document includes software installation, self-update, uninstall, and shell PATH modification actions beyond simple wallet operations. This mismatch can mislead users or higher-level agents into granting broader execution trust than intended, especially because the install flow performs system changes.

Description-Behavior Mismatch

Severity: Low
Confidence: 85%
Finding
The manifest omits that the tool persists wallet descriptors in a local vault and supports wallet creation, listing, and purgeable storage. In a wallet/signing context, incomplete disclosure of data persistence is security-relevant because users may assume ephemeral handling of sensitive material when local state is actually created and can later be deleted or enumerated.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The installation instructions tell users to pipe a remotely fetched script directly into bash, which executes unreviewed code from the network immediately. In this skill's context, the script also installs tooling, modifies PATH, clones/builds code, and could tamper with a host that may later hold wallet material, making the risk materially higher than a normal documentation issue.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The documented commands require passing a wallet mnemonic directly on the command line, which can expose the seed phrase through shell history, process listings, logs, crash reports, or agent telemetry. Because mnemonics are root secrets for cryptocurrency wallets, disclosure can lead to full and irreversible theft of funds across supported chains.

VirusTotal

65/65 vendors flagged this skill as clean.
