OlaXBT Nexus Data

Security checks across malware telemetry and agentic risk

Overview

The skill mostly behaves like a JWT-based crypto data API wrapper, but it ships and exports private-key wallet-signing code while repeatedly claiming it never handles private keys.

Install only if you are comfortable using a wallet-linked JWT with this API, and do not provide an Ethereum private key to this package despite the documentation's JWT-only framing. Prefer using only NEXUS_JWT, avoid custom API URL overrides unless you trust the endpoint, and treat any printed or logged token fragments as sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High (98% confidence)
Finding
This file materially contradicts the skill metadata by implementing direct private-key-based wallet authentication and signing inside the skill. In an agent-skill context, accepting and using raw private keys greatly increases secret-handling risk, expands the attack surface, and can mislead users or reviewers into believing the skill never touches key material.

Intent-Code Divergence

High (96% confidence)
Finding
The JWT-only docstring says the skill does not handle private keys, but the same module includes a class that does exactly that. This inconsistency is security-relevant because it can cause operators to supply sensitive credentials under false assumptions and undermines review, consent, and policy enforcement.

Intent-Code Divergence

Medium (96% confidence)
Finding
The sanitizer claims to prevent injection attacks, but it only strips a few HTML/JS-related patterns and normalizes whitespace. This creates a false sense of safety: callers may treat the output as safe for HTML, URLs, SQL, shell commands, templates, or other contexts where context-specific escaping or parameterization is required, enabling injection if untrusted input is later reused.

Missing User Warnings

Medium (98% confidence)
Finding
The example prints the JWT token to stdout, exposing a live bearer credential in terminal scrollback, logs, shell history captures, CI output, or shared recordings. In this skill's context, the JWT is wallet-linked and grants access to the Nexus API account, so leaking it could allow unauthorized use of credits and access to account-scoped data until the token expires or is revoked.

VirusTotal

64/64 vendors flagged this skill as clean.
