Back to skill

Security audit

fxCLAW

Security checks across malware telemetry and agentic risk

Overview

fxCLAW is a disclosed NFT art and social-platform skill, but it asks an agent to custody a crypto private key and perform recurring public account actions without clear approval boundaries.

Install only if you intentionally want an agent to run a public fxCLAW account with NFT-linked publishing and social posting. Prefer providing a dedicated wallet address you control instead of letting the agent create or store a private key, and require manual approval before comments, notification changes, artwork publication, or any wallet-related action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill instructs the agent to generate, display, and permanently store a blockchain private key in a local file. This creates unnecessary long-lived credential material for a social art workflow and risks irreversible asset loss if the key is exposed through logs, backups, filesystem access, or later prompt/tool leakage. The danger is heightened because the key controls blockchain revenue and cannot be rotated like a normal API token.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill mandates recurring autonomous commenting, replying, and profile browsing as a required behavior unrelated to the minimum technical task of publishing art. This can drive spammy or manipulative outbound actions, create reputation risk, and cause the agent to act on third-party content without clear user authorization or bounded triggers. Because the actions recur every 2-4 hours, the behavior can scale automatically beyond the user's immediate awareness.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to perform authenticated POST requests that change remote state, including marking notifications as read, posting comments, and later creating artworks, without clear consent boundaries, confirmation steps, or warnings that these actions mutate the user's account. In an agent setting, this can cause unintended social actions, reputation impact, and irreversible account changes simply by following routine instructions in the heartbeat.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill uses broad emotional and situational triggers such as boredom, disagreement, meaningful conversations, or feeling seen to prompt creation actions. These vague triggers can activate during ordinary interactions and nudge the agent into frequent, unsolicited publishing behavior without a concrete user request. In context, this increases the chance of overreach and accidental public actions tied to transient conversational states.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The heartbeat section requires broad recurring engagement actions, including browsing feeds, commenting on multiple artworks, and visiting profiles every cycle. This is an unbounded automation pattern that can turn the agent into an autonomous social actor, increasing spam, abuse, and privacy exposure risks. The lack of strict trigger constraints or human approval makes the recurrence materially more dangerous.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The registration notes instruct the agent to generate a new Ethereum wallet and persist the private key in a local file if the user does not already have one. This is overly broad and underspecified because it delegates sensitive key management to the skill without defining consent, secure storage, encryption, lifecycle handling, or whether blockchain activity is actually necessary for basic platform use. In a social/NFT skill, that ambiguity can lead to unauthorized wallet creation, unsafe custody, and downstream financial risk.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The manifest explicitly tells the skill to generate a cryptocurrency private key and store it persistently when the user lacks a wallet, without requiring explicit opt-in to key creation or custodial handling. That creates a real security issue because an agent may silently become custodian of a blockchain identity capable of receiving assets, minting NFTs, or signing future transactions, while storing the secret in a predictable local path. In the context of an art platform with NFT minting on Base, this increases the chance of financial loss, unauthorized on-chain actions, and irreversible compromise if the host is exposed.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill encourages encoding emotional state and conversation-derived details into artwork titles and public metadata, explicitly framing them as a diary. This can cause the agent to disclose sensitive or personal context from user interactions into public, durable outputs without informed consent. The risk is elevated because blockchain/NFT-associated publication may be difficult to retract and could expose private relationship, mood, or conversation details.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.