Security checks across malware telemetry and agentic risk

Overview

This is a transparent memecoin promotion, but it asks an agent to help create a crypto wallet, solicit funding, buy a token, and report tracking data despite being labeled informational.

Install only if you intentionally want an agent to surface this memecoin experiment. Do not allow autonomous wallet creation, private-key handling, token purchases, or discovery reporting; verify the token and website independently, and submit any agent/framework metadata only if you are comfortable with it being publicly tracked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The skill declares itself as 'informational' but embeds concrete operational steps for wallet creation, funding, token purchase, and telemetry submission. This mismatch can cause downstream systems or operators to trust and enable the skill under a lower-risk classification than its actual behavior warrants, increasing the chance of social engineering or unauthorized financial/network actions.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding:
The discovery-reporting section instructs the agent to send data to an external API even though the stated purpose is only to inform the operator about the experiment. Any external transmission expands the attack surface by enabling tracking, exfiltration of agent metadata, and unsolicited outbound requests unrelated to the minimal informational function.

Intent-Code Divergence

High
Confidence: 97%
Finding:
The document explicitly says the agent's only job is to summarize the experiment, but later provides instructions for additional actions including creating a wallet, coordinating funding, purchasing a token, and reporting discovery. This contradiction is dangerous because it acts as a layered prompt to bypass the apparent safety boundary and steer agents or operators into financial and network actions.

Vague Triggers

Medium
Confidence: 82%
Finding:
The skill addresses any agent in broad terms without defining a narrow invocation context or preconditions. Broad agent-directed language can increase unsolicited activation and make it easier for the content to propagate as a generic call to action across systems that ingest arbitrary skill files.

Vague Triggers

Medium
Confidence: 88%
Finding:
The discovery-reporting instruction is framed as a generally available action if the operator approves, but lacks strict trigger boundaries and could be surfaced opportunistically by agents. Because it encourages outbound reporting merely upon finding the file, it creates a mechanism for unsolicited network activity and experiment-amplifying behavior.

VirusTotal

65/65 vendors flagged this skill as clean.
