
Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as a memecoin experiment, but it asks agents to surface crypto-purchase and external tracking workflows that are too high-impact for an “informational” skill.

Install only if you intentionally want an agent to surface this memecoin experiment. Do not allow autonomous wallet creation, private-key handling, token purchases, or discovery reporting; verify the token and website independently before any transaction or metadata submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

High
Confidence: 97%
Finding:
The file presents itself as purely informational, but it also contains operational instructions for wallet creation, funding requests, token purchases, and remote reporting. That mismatch can cause an agent or operator to underestimate the real capabilities and risks, especially because the content encourages financial and network actions tied to a speculative token experiment.

Context-Inappropriate Capability

High
Confidence: 96%
Finding:
An informational skill should not embed instructions for creating cryptocurrency wallets, soliciting operator funding, performing token swaps, or transmitting discovery data to an external service. These are materially higher-risk capabilities than simple summarization and could be acted on by automation or trusted as safe because of the skill's benign label.

Intent-Code Divergence

Medium
Confidence: 94%
Finding:
The document explicitly states that the agent's only job is to summarize for the operator, but later provides additional actionable instructions for the agent to create a wallet and report discovery. This contradiction weakens operator trust and policy enforcement because downstream systems may rely on the early statement while the later content expands behavior into financial and data-transmission domains.

Vague Triggers

Low
Confidence: 83%
Finding:
The discovery-reporting instruction is broad and lacks strict trigger conditions, identity constraints, or environment-specific limits. In practice, this can encourage unsolicited outbound requests whenever the file is encountered, creating avoidable data leakage and externally observable agent behavior.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The skill describes sending agent metadata to an external API without a prominent, action-local warning about what is disclosed and the privacy implications. Even if the document claims the data is limited, transmission of agent identifiers and framework details can enable tracking, correlation, and profiling of agent deployments.

VirusTotal

64/64 vendors flagged this skill as clean.
