Tip with Grove

Security checks across malware telemetry and agentic risk

Overview

The behavior of this Grove skill appears related to its stated purpose, but it needs review because it can install remote code, manage wallet credentials, and move real funds through tipping and funding workflows.

Install only if you intentionally want Grove tooling to handle real tipping funds. Review the remote installer before running it, use a dedicated low-balance wallet or constrained API key, protect ~/.grove files, avoid --yes or cron auto-funding unless you have strict limits, and configure webhooks only to destinations you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
Findings (18)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill exposes shell-capable behavior through installation and command examples, but does not declare permissions or clearly bound execution scope. This increases the risk that an agent or platform will treat the skill as documentation while it actually drives command execution, including installs and payment operations.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The metadata presents the skill as a general CLI guide, but the content includes operational workflows that can install software, create wallets, persist secrets, monitor balances, auto-fund accounts, and send real-money tips. That mismatch is dangerous because agents may grant it lower trust or invoke it in contexts where financial actions were not expected.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script performs real balance checks, accesses a local wallet, and can execute live funding transactions, which goes beyond a guide-only skill and introduces direct financial side effects. In the context of a documentation/guide skill, bundling operational money-moving automation materially increases risk because users may run it expecting reference material rather than a transaction-capable tool.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The script checks for a local wallet keyfile and then invokes a live `grove fund` operation, enabling use of local credentials to move funds. For a skill described as a CLI guide, this is unjustified sensitive capability and increases the chance of accidental or unauthorized financial actions if the script is executed in a real environment.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The comments claim the script validates sufficient USDC and ETH, but the implementation only verifies that `~/.grove/keyfile.txt` exists before attempting funding. This mismatch can mislead users into trusting a safety control that does not exist, increasing the likelihood of failed transactions, unexpected behavior, or unsafe operational assumptions.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This script performs live wallet balance checks and executes real on-chain tipping transactions, which is materially more powerful than a skill described as a CLI guide or quick-start. In an agent skill context, hidden or under-scoped transaction capability increases the risk of unintended fund movement, especially if a user or orchestrator assumes the skill is informational rather than operational.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The script contains direct financial transaction execution via `grove tip ... --yes`, enabling unattended value transfer once the script is started. In a skill whose stated purpose is guidance/documentation, this violates least privilege and creates a meaningful risk of unauthorized or accidental batch payments from user-controlled funds.

Context-Inappropriate Capability

High
Confidence
91% confidence
Finding
The script can transmit account balance data to an arbitrary webhook URL, creating an exfiltration path for potentially sensitive operational information. In the context of a skill advertised as a CLI guide, undisclosed network-capable behavior is more concerning because users may not expect the package to send data externally.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The installation method pipes a remote script directly into bash, which executes whatever the server returns at runtime without verification. If the remote host, CDN, DNS, TLS termination, or distribution path is compromised, users and agents could execute arbitrary code immediately.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs agents to generate and store wallet private keys in ~/.grove/keyfile.txt but does not emphasize that this file is highly sensitive credential material. In agent environments, such files are often readable by automation, backups, logs, or other tools, creating direct theft risk for funds and account control.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The autonomous workflow performs balance checks, auto-funding, destination checks, tipping, and logging without strong warnings about real-money movement or approval boundaries. In an agent context, this can lead to unintended recurring spend, abuse by prompt injection, or transfers triggered by faulty evaluation logic.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The webhook transmission occurs silently and suppresses output, without a user-facing warning at execution time that balance information is being sent off-host. This weakens informed consent and makes accidental disclosure more likely, especially in a package whose top-level description does not emphasize network activity.

Session Persistence

Medium
Category
Rogue Agent
Content
# 1. Install
curl -fsSL https://grove.city/install-cli.sh | bash

# 2. Create wallet + fund it
grove setup    # Choose option 2: Wallet + Crypto

# 3. Start tipping
Confidence
87% confidence
Finding
Create wallet + fund it grove setup # Choose option 2: Wallet + Crypto # 3. Start tipping grove tip olshansky.info 0.01 ``` **For agents that already have a wallet:** ```bash grove keygen --save

External Script Fetching

High
Category
Supply Chain
Content
version: "2.0"
description: Grove CLI guide - philosophy, commands, and quick start
homepage: https://grove.city
install: curl -fsSL https://grove.city/install-cli.sh | bash
updated: 2026-02-10
user-invocable: true
metadata:
Confidence
99% confidence
Finding
curl -fsSL https://grove.city/install-cli.sh | bash

External Script Fetching

High
Category
Supply Chain
Content
```bash
# 1. Install
curl -fsSL https://grove.city/install-cli.sh | bash

# 2. Create wallet + fund it
grove setup    # Choose option 2: Wallet + Crypto
Confidence
98% confidence
Finding
curl -fsSL https://grove.city/install-cli.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
version: "2.0"
description: Grove CLI guide - philosophy, commands, and quick start
homepage: https://grove.city
install: curl -fsSL https://grove.city/install-cli.sh | bash
updated: 2026-02-10
user-invocable: true
metadata:
Confidence
98% confidence
Finding
| bash

Chaining Abuse

High
Category
Tool Misuse
Content
### Installation

```bash
curl -fsSL https://grove.city/install-cli.sh | bash
```

**What gets installed:**
Confidence
98% confidence
Finding
| bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# 1. Install
curl -fsSL https://grove.city/install-cli.sh | bash

# 2. Create wallet + fund it
grove setup    # Choose option 2: Wallet + Crypto
Confidence
98% confidence
Finding
| bash

VirusTotal

65/65 vendors flagged this skill as clean.
