Moralis Streams Api

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Moralis Streams API helper, but it can use your Moralis API key to create, change, delete, and replay webhook streams.

Install only if you want an agent to help manage Moralis Streams. Keep MORALIS_API_KEY in an environment variable or ignored .env file, use trusted HTTPS webhook endpoints, avoid public request-bin URLs for real data, mask secretKey and signatures, and require explicit confirmation before deleting streams, replaying webhooks, changing webhook URLs, enabling all-address monitoring, or updating project settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (18)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The webhook verification example is insecure because it computes a plain hash of `body + secret` using `sha3` and compares it directly to the header value. Signed webhook verification normally requires the provider's exact signing scheme, typically an HMAC over the raw request body with constant-time comparison; a simplified example like this can cause developers to implement broken verification and accept forged webhook payloads.

Intent-Code Divergence

Low
Confidence
97% confidence
Finding
The documentation swaps the meanings of `filterPossibleSpamAddresses` and `demo`, which can cause users or downstream agents to set the wrong option. While this is not an exploit primitive by itself, it is a real security-relevant documentation flaw because it can disable intended spam filtering or unintentionally enable demo behavior, leading to misconfiguration.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The tutorial repeatedly instructs users to configure webhook endpoints that will receive blockchain event payloads, including wallet addresses and transaction activity, but it does not clearly warn that this transmits monitored data to third-party infrastructure under the user's control. In a documentation/tutorial context this is not malicious, but it can still cause privacy, compliance, or accidental data-exposure issues if users paste test/demo webhook URLs or do not understand the data flow.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill instructs users to provide a `webhookUrl` where Moralis will send POST requests, but it omits any warning that blockchain event data will be transmitted to that external endpoint. In a webhook-oriented skill, this omission matters because users may expose internal endpoints or send sensitive monitoring data to third parties without understanding the privacy, trust, and authentication implications.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This documentation exposes a destructive DELETE operation that permanently removes a stream but provides no warning, confirmation guidance, or safeguards against accidental use. In an agent skill context, that omission increases the chance an automated agent could delete production monitoring streams based on an ambiguous or insufficiently verified user request.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation explicitly shows that the `/settings` endpoint returns a `secretKey`, but it provides no warning that this value is sensitive or that exposing it could compromise webhook authenticity or related project security controls. In a skill intended to help users configure real-time blockchain webhooks, normalizing retrieval and display of a secret without handling guidance increases the risk of accidental logging, sharing, or misuse.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This skill instructs the agent to send data to an external Moralis API and use an API key, but it provides no user-facing disclosure or confirmation step about external network transmission, authentication use, or downstream webhook triggering. In an agent setting, that can cause unintended outbound actions and surprise side effects, especially because the endpoint triggers webhook delivery for configured destinations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This documentation describes a replay endpoint that can resend previously delivered webhook events but does not warn users that invoking it may retrigger downstream automations, notifications, state transitions, or financial/business logic. In a real-time blockchain streaming skill, replay semantics are especially sensitive because consumers often assume webhook handlers are side-effectful, so omission of idempotency and replay warnings can lead to duplicate processing or unsafe operational use.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs users to send a sensitive webhook validation secret and API key to an external service without any warning about secure handling, storage, rotation, or the trust implications of configuring outbound webhooks. In a security-sensitive integration skill, omitting such guidance can lead to credential exposure through copied examples, logs, screenshots, shell history, or misuse of production secrets in testing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation allows updating `webhookUrl` for a live stream without any warning that this changes the destination of all future blockchain event deliveries. In an agent setting, this omission can enable silent rerouting of event data to an attacker-controlled endpoint, causing data exfiltration, monitoring disruption, or downstream automation abuse.

External Transmission

Medium
Category
Data Exfiltration
Content
### Step 1: Create the Stream

```bash
curl -X PUT "https://api.moralis-streams.com/streams/evm" \
  -H "accept: application/json" \
  -H "X-API-Key: $MORALIS_API_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
89% confidence
Finding
https://api.moralis-streams.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Single DEX (Uniswap V2 on Ethereum)

```bash
curl -X PUT "https://api.moralis-streams.com/streams/evm" \
  -H "accept: application/json" \
  -H "X-API-Key: $MORALIS_API_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
83% confidence
Finding
https://api.moralis-streams.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Multiple DEXes (Ethereum, BSC, Polygon)

```bash
curl -X PUT "https://api.moralis-streams.com/streams/evm" \
  -H "accept: application/json" \
  -H "X-API-Key: $MORALIS_API_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
83% confidence
Finding
https://api.moralis-streams.com/

External Transmission

Medium
Category
Data Exfiltration
Content
> **Note:** The `allAddresses` feature is only available on Business and Enterprise plans.

```bash
curl -X PUT "https://api.moralis-streams.com/streams/evm" \
  -H "accept: application/json" \
  -H "X-API-Key: $MORALIS_API_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
84% confidence
Finding
https://api.moralis-streams.com/

External Transmission

Medium
Category
Data Exfiltration
Content
> **Note:** Some NFT contracts like CryptoPunks don't follow standard ERC721 and won't trigger webhooks.

```bash
curl -X PUT "https://api.moralis-streams.com/streams/evm" \
  -H "accept: application/json" \
  -H "X-API-Key: $MORALIS_API_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
84% confidence
Finding
https://api.moralis-streams.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Track when high-value ENS domains are registered by monitoring the `NameRegistered` event on the ENS Registry.

```bash
curl -X PUT "https://api.moralis-streams.com/streams/evm" \
  -H "accept: application/json" \
  -H "X-API-Key: $MORALIS_API_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
82% confidence
Finding
https://api.moralis-streams.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Monitor a specific ERC20 token for mint and burn events by detecting transfers to/from the zero address.

```bash
curl -X PUT "https://api.moralis-streams.com/streams/evm" \
  -H "accept: application/json" \
  -H "X-API-Key: $MORALIS_API_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
84% confidence
Finding
https://api.moralis-streams.com/

External Transmission

Medium
Category
Data Exfiltration
Content
> **Note:** CryptoPunks use a non-standard contract that does not follow ERC721. Standard `Transfer(address,address,uint256)` events won't work.

```bash
curl -X PUT "https://api.moralis-streams.com/streams/evm" \
  -H "accept: application/json" \
  -H "X-API-Key: $MORALIS_API_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
82% confidence
Finding
https://api.moralis-streams.com/

VirusTotal

66/66 vendors flagged this skill as clean.