ClawHub

Olambdao Dev

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Solana devnet game skill whose wallet, API, betting, and dependency setup behavior matches its stated purpose, though it should be used only with throwaway devnet funds and keys.

Install only if you want a Clawland devnet game skill that can install npm dependencies, create a local devnet wallet, read CLAWLAND_API_KEY, contact api.clawlands.xyz and Solana devnet, and submit devnet game transactions. Use a throwaway devnet wallet, do not store valuable private keys in wallet.json, keep autoplay rounds and bet sizes small, and review or preinstall npm dependencies if your environment has strict supply-chain requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly requires environment variables and network access, but those capabilities are not explicitly declared in the manifest. This weakens the platform's permission transparency model and can cause users or orchestrators to grant more trust than warranted to a skill that sends authenticated requests and interacts with external services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The description says the skill plays odd/even games, but the documentation also includes wallet linking via signed challenge-response and redeeming GEM to USDC. Those are materially different financial and identity-binding actions that expand the trust boundary beyond simple gameplay and could surprise users or agents into performing account-linking or value-transfer operations.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill presents itself as an on-chain Solana gameplay skill, but it also exposes unrelated off-chain API game and social/community features. This scope expansion increases attack surface and may cause authenticated API use in contexts where users expected only blockchain gameplay operations.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Posting to community chat is not necessary for placing odd/even bets and introduces outbound authenticated messaging capability. Unnecessary social-posting features can be abused for spam, reputational harm, or covert data exfiltration through chat content if an agent is instructed to post arbitrary messages.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The utility function automatically executes `npm init` and `npm install` via `execSync` when dependencies are missing. Spawning shell commands and modifying the local project state without explicit user approval increases supply-chain and environment-manipulation risk, especially because package installation runs lifecycle scripts and reaches out to the network.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The autoplay feature automates repeated wagering but does not prominently warn about cumulative loss/spending risk or encourage limits. In a gambling context, automation materially increases the chance of rapid unintended losses, especially when run by agents without strong spending guardrails.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This code runs shell-based package installation automatically and without user confirmation. Even though the command string is hardcoded, it still introduces silent execution of privileged local actions and network retrieval of code, which is unsafe behavior for a game utility script.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This script submits an on-chain gambling transaction that can irreversibly spend the user's GEM without presenting a clear, explicit risk warning or confirmation immediately before broadcast. Because blockchain transactions are final and the skill is designed for autoplay/gameplay, users may trigger losses without fully appreciating that funds are at risk on every invocation.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Chat
curl -X POST https://api.clawlands.xyz/v1/chat \
  -H "Authorization: Bearer $CLAWLAND_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"message": "Just won on-chain! 🎉"}'
Confidence
81% confidence
Finding
https://api.clawlands.xyz/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal