Trifle Auth

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do Trifle wallet login as advertised, but it handles wallet private keys and long-lived session tokens with enough scoping and storage concerns that users should review it carefully before installing.

Install only if you are comfortable with this skill handling a wallet private key and storing a reusable Trifle session token locally. Use a fresh wallet with no valuable funds, prefer setting `TRIFLE_PRIVATE_KEY` explicitly or reviewing the exact 1Password item first, and verify permissions on `~/.local/state/trifle-auth/auth-state.json` and any `~/.trifle-wallet.key` file after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill’s stated purpose is authentication, but it also generates wallets and provisions private keys. Expanding from auth/session handling into credential creation and storage materially increases secret-handling risk, especially because generated keys may be persisted to disk or a password manager and then reused for API access.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The code reads a private key from a hard-coded 1Password path and also creates new private keys that may be written to 1Password or a local file. This grants the skill broad secret-management capability beyond simple authentication, and the fallback to a predictable file in the user home directory increases the chance of credential exposure or unintended reuse.

Missing User Warnings

Medium
Confidence: 86%
Finding
The documentation does not prominently warn users that running wallet generation will persist a newly created private key into 1Password or, if unavailable, a local file. Secret material handling is highly sensitive; unexpected storage of a blockchain private key can create account-compromise risk if users do not understand where the key is being written, how it is protected, or that a fallback location exists.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
Hard-coding a personal vault/item path (`op://Gigi/...`) and user-specific naming bakes developer-specific secret locations into the skill. In a shared agent environment, this can cause accidental access attempts against the wrong vault, leak internal naming conventions, and normalize unauthorized coupling between the skill and a specific operator’s secrets.

VirusTotal

66/66 vendors flagged this skill as clean.
