ClawHub

XPR NFT (AtomicAssets)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate XPR NFT tool, but it needs review because it can sign real blockchain transactions and one auction-claim action bypasses the documented confirmation pattern.

Install only with a dedicated low-value or least-privilege XPR account, verify the RPC endpoint and @proton/js dependency source, and require explicit user approval for every write action, especially auction claiming. Do not configure a main wallet private key unless you are comfortable with this skill signing irreversible NFT and marketplace transactions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The tool description explicitly says the auction-claim action has 'No risk' even though the handler creates and signs real on-chain transactions via `session.api.transact`. Mislabeling a state-changing blockchain operation as risk-free can mislead users or higher-level agents into invoking it without appropriate confirmation, causing unintended asset/proceeds claims or execution in the wrong context.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest description is overly broad for a skill that can mint, transfer, burn, list, purchase, and auction NFTs. Without explicit invocation constraints, safety boundaries, or exclusions, an agent may expose high-risk blockchain actions in contexts where the user did not intend irreversible transactions, increasing the chance of misuse or prompt-induced overreach.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill advertises destructive and transactional NFT capabilities, including burn, transfer, purchase, sale, bidding, and auction claim operations, but provides no warning that these actions may be irreversible and financially impactful. In the context of blockchain assets, missing warnings and confirmation requirements materially increase the risk of accidental asset loss, unauthorized transfers, unintended purchases, or irreversible destruction.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Write operations implicitly load `XPR_PRIVATE_KEY` and other signing configuration from environment variables to create a reusable signing session, but there is no user-facing disclosure at the point of tool use that local credentials will be accessed and used to authorize blockchain transactions. In an agent setting, this weakens informed consent and can lead to unexpected signing of value-bearing actions if callers believe the tool is informational rather than privileged.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal