Safe Multisig Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a Safe multisig CLI tool whose sensitive capabilities (wallet signing, proposing and executing transactions) are disclosed and match its stated purpose.

Install it only if you intentionally want a local CLI workflow for operating a Safe. Use a dedicated low-privilege signer where possible; keep private keys out of chat, logs, screenshots and shared shells; and, before approving or executing anything, verify the chain, RPC URL, Safe address, nonce, recipient, value, calldata, current confirmations and safeTxHash yourself rather than trusting the tool's own summary of them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill documentation instructs users to run shell scripts, read environment variables containing secrets, and interact with external networks, but it does not declare those capabilities explicitly. This creates a permission-transparency gap: an agent or reviewer may underestimate the skill's ability to read sensitive data, invoke commands, and submit blockchain transactions, increasing the chance of unsafe execution or secret exposure.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The examples instruct users to export a raw private key into an environment variable and then use it for signing blockchain transactions, but they provide no warning about key exposure through shell history, process environments, CI logs, or shared terminals. In a skill specifically designed to operate a Safe multisig and sign real transactions, this omission can lead to credential compromise and unauthorized approvals or executions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The documentation shows propose, approve, and execute flows for Safe multisig transactions without warning that these actions can irreversibly move funds, change Safe state, or finalize queued operations on live chains. Because this skill targets operational use of a Safe smart account across production networks, a user may run the commands directly and cause unintended financial loss or governance changes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal