ClawHub

31Third Safe Rebalancer (Simple)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Safe rebalancer, but it can sign and broadcast live trades with an executor private key without a built-in confirmation step.

Install only if you trust the publisher and understand that rebalance_now can trade assets from your Safe and incur gas costs. Use a dedicated executor wallet with minimal permissions, never use the Safe owner key, verify deployed policies and slippage limits first, and configure your agent or workflow to require explicit human approval before each live rebalance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill describes executing rebalancing with an ethers private-key signer and waiting for transaction confirmation, but it does not prominently and explicitly warn that this submits real on-chain trades that can move user funds, incur gas costs, and cause irreversible asset changes. In the context of a non-technical-user 'one-step' Safe rebalancer, this omission materially increases the risk of users triggering financially impactful transactions without informed consent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This function submits and waits for an on-chain rebalance transaction immediately after computing a plan, with no user-facing confirmation, dry-run gate, or explicit acknowledgement in this file. In a skill/agent context, that creates a real risk of unintended asset movements if the skill is invoked automatically, with impact amplified because blockchain transactions are generally irreversible once mined.

Missing User Warnings

High
Confidence
92% confidence
Finding
This function unconditionally executes a live on-chain rebalance after planning, with no explicit confirmation gate, dry-run default, transaction preview approval step, or policy allowing the caller to require interactive consent. In an agent skill context, that means invoking the skill can directly move assets from the Safe through the executor module, making accidental or unauthorized portfolio changes materially dangerous.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal