Warren Website Deploy(mainnet)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims (deploy user-provided files to MegaETH mainnet), but it should be used only with a low-fund wallet, because it signs real transactions with a private key.

Install only if you intend to let an agent publish content permanently on MegaETH mainnet and spend gas from a wallet you control. Use a dedicated low-balance deployer wallet, prefer environment or secret-manager injection over `--private-key` arguments, review the exact file before deployment, and remember that on-chain content cannot be taken back.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill requires access to a highly sensitive environment variable (`PRIVATE_KEY`) but does not declare explicit permissions, creating a transparency and policy-enforcement gap. In this context, the skill is especially risky because it is user-invocable, operates on mainnet, and is designed to spend real funds from the agent's wallet, so undeclared env access can lead to unexpected key use or bypass of runtime approval controls.

Vague Triggers

Medium
Confidence: 84%
Finding
The description is broadly invocable ('Deploy websites and files permanently on MegaETH mainnet') without narrow trigger constraints or safety qualifiers, which can cause an agent to select this skill in overly broad situations. That is more dangerous here than in a harmless read-only utility because invocation can result in irreversible on-chain writes and gas expenditure from the agent's own wallet.

Missing User Warnings

Medium
Confidence: 98%
Finding
The CLI accepts a raw private key via the `--private-key` argument and even documents that usage in the help text. Command-line arguments are commonly exposed through shell history, process listings, job runners, terminal logging, and CI/CD telemetry, so a user or co-tenant on the same system may recover the wallet secret and take full control of funds and on-chain assets. In this skill's context, the danger is heightened because the tool is explicitly designed to use the operator's own funded wallet on mainnet.

VirusTotal

66/66 vendors flagged this skill as clean.