ClawHub

OP0 Altar

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent OP0 crypto-token helper, but using it can lead to real SOL transfers and public token deployment.

Install only if you trust OP0 and the op0.live API. Keep the OP0 API key private, verify all token settings and the marketing wallet, and before sending SOL confirm the returned dev_wallet address, exact amount, and 30-minute window. Treat SOL transfers and token deployment as potentially irreversible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger rule "when the user says create a coin/token/altar" is broad enough to match common conversational requests and can cause the skill to activate unexpectedly in contexts where the user did not intend to use this specific third-party crypto service. In a financial skill that can initiate token creation workflows and prompt users to fund wallets, accidental activation materially increases the chance of unintended external actions and user confusion.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends wallet addresses and API-authenticated requests to a third-party service but does not clearly warn users that their data will be transmitted off-platform. This undermines informed consent and can expose sensitive operational data, including wallet identifiers and API usage, to an external provider without explicit acknowledgment.

Missing User Warnings

High
Confidence
98% confidence
Finding
The create flow instructs users to deploy a token and then send SOL to a generated wallet, but it omits a strong warning that these blockchain actions are financial and generally irreversible. In a crypto asset creation context, failing to foreground the risk of permanent fund loss, misconfiguration, or unintended token deployment is dangerous because users may proceed without understanding the consequences.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal