Tongateway

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being TON wallet tooling, but it is flagged for Review because it can give an AI agent persistent wallet access and no-approval spending from funded agent wallets.

Install only if you intentionally want an AI agent connected to TON wallet tooling. Prefer approval-gated safe mode, keep agent wallets funded only with amounts you are prepared to lose, protect or delete ~/.tongateway/token and ~/.tongateway/wallets.json when done, and consider pinning or building the MCP package from source before trusting it with wallet authority.
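An added check for the two secret files named above. This is example code written for this page, not part of the Tongateway or Agent Gateway project, and it assumes nothing about the files' internal format. It deliberately treats both ~/.tongateway/token and ~/.tongateway/wallets.json as key-equivalent material, which sidesteps the token-versus-signing-key inconsistency reported in the findings: it audits their permission bits, restricts them to the owner, and overwrites them before deletion when the agent is decommissioned. The function names, the directory argument and the constructed placeholder contents are assumptions for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Files named in the overview. Both are treated as secrets: the token grants
# persistent wallet access, and wallets.json may hold agent wallet signing
# keys, whatever the README says about which one "cannot move funds".
SECRET_FILES = ("token", "wallets.json")
# Any group or other permission bit on a secret file is a finding.
UNSAFE_BITS = stat.S_IRWXG | stat.S_IRWXO


def audit_secrets(base_dir):
    """Map each secret file to 'absent', 'ok' or 'permissive' (readable by others)."""
    base = Path(base_dir)
    findings = {}
    for name in SECRET_FILES:
        path = base / name
        if not path.exists():
            findings[name] = "absent"
        elif path.stat().st_mode & UNSAFE_BITS:
            findings[name] = "permissive"
        else:
            findings[name] = "ok"
    return findings


def lock_down(base_dir):
    """Restrict the directory to 0700 and each secret file to 0600, then re-audit."""
    base = Path(base_dir)
    if base.is_dir():
        os.chmod(base, 0o700)
    for name in SECRET_FILES:
        path = base / name
        if path.exists():
            os.chmod(path, 0o600)
    return audit_secrets(base)


def wipe_secrets(base_dir):
    """Overwrite each secret file with zeros, unlink it, and remove the directory
    once it is empty. Overwriting is best-effort on journaling or copy-on-write
    filesystems, but it stops the plaintext being recovered from the live path."""
    base = Path(base_dir)
    removed = []
    for name in SECRET_FILES:
        path = base / name
        if not path.exists():
            continue
        os.chmod(path, 0o600)  # a read-only file must still be overwritable
        with open(path, "r+b") as fh:
            fh.write(b"\x00" * path.stat().st_size)
            fh.flush()
            os.fsync(fh.fileno())
        path.unlink()
        removed.append(name)
    if base.is_dir() and not any(base.iterdir()):
        base.rmdir()
    return removed


def demo():
    """Exercise the three steps on a constructed directory instead of the real
    ~/.tongateway, so the example runs anywhere without touching live secrets."""
    base = Path(tempfile.mkdtemp())
    for name in SECRET_FILES:
        (base / name).write_bytes(b"constructed placeholder secret\n")
        os.chmod(base / name, 0o644)  # the permissive state we want to catch
    before = audit_secrets(base)
    after_lock = lock_down(base)
    removed = wipe_secrets(base)
    after_wipe = audit_secrets(base)
    return before, after_lock, removed, after_wipe


if __name__ == "__main__":
    # Real use: point at the live directory and act on what the audit reports.
    print(audit_secrets(Path.home() / ".tongateway"))
```

Run `audit_secrets` on the live directory while the agent is in use, `lock_down` if it reports `permissive`, and `wipe_secrets` only once the agent wallets have been drained, since the signing keys go with the file.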

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 84%
Finding:
The document states that the stored token is not a private key and cannot move funds, but elsewhere acknowledges that agent wallet signing keys may be stored locally in `~/.tongateway/wallets.json`. This inconsistency can mislead users about the sensitivity of local secrets and cause them to under-protect a file that does enable autonomous spending from funded agent wallets.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The README explicitly advertises an autonomous agent wallet mode where transfers occur with no user approval, but it does not clearly warn that blockchain transfers are irreversible and can be triggered by mistaken, manipulated, or malicious prompts. In an AI-agent context, this increases the chance of unintended asset movement because users may treat the tool as routine automation rather than financially dangerous authority delegation.
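An added illustration of what an approval-gated spending path looks like, as opposed to the no-approval agent wallet mode flagged here. This is example code written for this page, not code from the Tongateway MCP server, and it says nothing about how that server implements its own safe mode; the policy fields, the placeholder addresses and the callback standing in for a human approval prompt are all assumptions. What it shows is the ordering that matters for irreversible transfers: every check, including the human prompt, runs before any signing key would be touched, and only the transfers that actually went out count against the daily cap.

```python
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation


@dataclass(frozen=True)
class Transfer:
    to: str          # destination address; treated as an opaque string here
    amount: Decimal  # amount in TON; Decimal avoids float rounding on money
    memo: str = ""


@dataclass
class SpendPolicy:
    """Spending policy for an agent wallet that must not spend without limits.

    A transfer is 'auto' only when every check passes; anything unusual is
    routed to a human as 'needs_approval'; malformed requests are 'deny'.
    """
    per_tx_cap: Decimal
    daily_cap: Decimal
    allowlist: frozenset
    spent_today: Decimal = Decimal("0")
    log: list = field(default_factory=list)

    def decide(self, t: Transfer) -> str:
        try:
            amount = Decimal(t.amount)
        except (InvalidOperation, TypeError, ValueError):
            return "deny"
        if not amount.is_finite() or amount <= 0:
            return "deny"  # NaN, infinity, zero and negatives never reach a human
        if t.to not in self.allowlist:
            return "needs_approval"  # a prompt cannot introduce a new payee silently
        if amount > self.per_tx_cap:
            return "needs_approval"
        if self.spent_today + amount > self.daily_cap:
            return "needs_approval"
        return "auto"

    def execute(self, t: Transfer, approve) -> str:
        """Run the gate. `approve` is a callback standing in for an interactive
        human prompt; it is consulted only when the policy asks for it."""
        decision = self.decide(t)
        if decision == "deny":
            self.log.append(("denied", t))
            return "denied"
        if decision == "needs_approval" and not approve(t):
            self.log.append(("rejected", t))
            return "rejected"
        # Only past this point would the wallet signing key be used. Everything
        # above happens before the on-chain transfer, which cannot be reversed.
        self.spent_today += Decimal(t.amount)
        self.log.append(("sent", t))
        return "sent"


def demo():
    """Drive the policy with constructed transfers and placeholder addresses."""
    policy = SpendPolicy(
        per_tx_cap=Decimal("5"),
        daily_cap=Decimal("10"),
        allowlist=frozenset({"EQ_known_counterparty"}),  # placeholder, not a real address
    )
    never = lambda t: False  # simulates a human who declines every prompt
    always = lambda t: True  # simulates a human who approves
    results = [
        policy.execute(Transfer("EQ_known_counterparty", Decimal("2")), never),    # auto: sent
        policy.execute(Transfer("EQ_unknown_payee", Decimal("1")), never),         # not allowlisted
        policy.execute(Transfer("EQ_known_counterparty", Decimal("50")), never),   # over per-tx cap
        policy.execute(Transfer("EQ_known_counterparty", Decimal("-1")), never),   # malformed
        policy.execute(Transfer("EQ_known_counterparty", Decimal("4")), never),    # auto: sent, 6 spent
        policy.execute(Transfer("EQ_known_counterparty", Decimal("4.5")), never),  # would exceed daily cap
        policy.execute(Transfer("EQ_known_counterparty", Decimal("4.5")), always), # human approved
    ]
    return results, policy.spent_today


if __name__ == "__main__":
    print(demo())
```

The allowlist and caps are the part a user of an autonomous wallet mode gets no help with from the README; a prompt that has been manipulated can ask for any payee and any amount, so the limits have to live outside the model's reach.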

Unrestricted Tool Access

Severity: Medium
Category: Excessive Agency
Content (README excerpt):
MCP server for [Agent Gateway](https://tongateway.ai) — gives AI agents full access to the TON blockchain via Model Context Protocol.

**16 tools:** wallet info, jettons, NFTs, transactions, transfers, .ton DNS, prices, DEX orders, agent wallets, and more.

## Quick Start
Confidence: 85%
Finding: tools:*

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content (README excerpt):
| `dex.create_order` | Place a limit order (fromToken, toToken, amount, price) |
| `dex.pairs` | List available trading pairs |

### Agent Wallet (Autonomous — no approval needed)

| Tool | Description |
|------|-------------|
Confidence: 96%
Finding: no approval

VirusTotal

64/64 vendors flagged this skill as clean.