StonebornBot

Security checks across malware telemetry and agentic risk

Overview

StonebornBot is a disclosed NFT minting bot, but it can handle many raw wallet keys and broadcast real irreversible blockchain transactions with weak warnings and one misleading test-script description.

Install only if you are comfortable with a tool that can spend funds and submit irreversible on-chain transactions. Use burner wallets with minimal funds, keep private keys out of version control, verify the contract address, chain, gas caps, wallet count, RPC endpoints, and Bankr settings before running, and do not treat batch-test.js as a dry run unless broadcasting is removed or isolated to a testnet.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly describes network-capable behavior such as RPC/WebSocket connections, mempool watching, and transaction broadcasting, yet no permissions are declared. That mismatch weakens reviewability and user awareness, making it easier for a high-risk automation skill to operate without explicit authorization boundaries.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation language is broad enough to trigger on generic NFT minting or wallet-automation requests, which increases the chance the skill is invoked in situations involving real funds, private keys, or transaction submission without the user fully understanding the consequences. In this context, overbroad matching is more dangerous because the skill is designed for fast, high-volume blockchain actions across many wallets.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill instructs users to place private keys in configuration and discusses pre-signed transactions and mass broadcasting, but provides no prominent warning about irreversible financial loss, key theft risk, or the danger of storing raw private keys. In a bot meant to operate across 100+ wallets, a single mistake or compromise can lead to large-scale asset loss.

Missing User Warnings

High
Confidence
97% confidence
Finding
The quick-start commands direct the user to run the bot immediately, including an 'instant mode' that can submit live blockchain transactions, without any explicit warning that execution may spend funds or broadcast irreversible transactions. Given the skill's focus on speed and sniping, omission of this warning materially increases the risk of accidental financial harm.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script loads private keys from configuration, pre-signs transactions, and broadcasts them automatically across multiple wallets without any interactive confirmation, policy gate, recipient allowlist, or spend/risk disclosure. In the context of a high-speed multi-wallet NFT mint bot, this creates a real safety vulnerability: a user can unintentionally send funds, sign the wrong calldata, or mass-broadcast costly transactions with little opportunity to detect misconfiguration or abuse.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Bankr integration sends an API bearer token plus transaction details to external endpoints, but the code provides no user disclosure, trust boundary warning, endpoint validation, or minimization of sensitive data exposure. Although HTTPS may protect transport in normal deployments, this is still a genuine security concern because the skill silently relies on a third-party signing/submission service that can observe, misuse, or mishandle authorization material and transaction intent.

VirusTotal

66/66 vendors flagged this skill as clean.