Warren NFT Deploy(mainnet)

Security checks across malware telemetry and agentic risk

Overview

This NFT deployer appears purpose-built, but it needs review because it uses a live wallet for irreversible mainnet transactions, auto-mints a prerequisite NFT, and posts collection metadata by default without a clear confirmation step.

Install only if you are comfortable giving this skill a wallet private key and letting it make irreversible MegaETH mainnet transactions. Use a fresh wallet funded only with the ETH needed for deployment, prefer PRIVATE_KEY in the environment over --private-key, review the contract addresses and collection parameters first, and be aware that Warren registration is attempted by default and sends wallet-linked collection metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3 (Medium)
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill declares no explicit permissions while clearly requiring sensitive capabilities: access to a wallet private key from the environment and outbound network communication to an RPC endpoint and optional registration API. This under-declaration weakens user awareness and platform enforcement, making it easier for a user to invoke a skill that can spend funds or transmit metadata without a clear permission boundary.

Tp4 (High)
Category: MCP Tool Poisoning
Confidence: 84%
Finding: The documented purpose focuses on NFT deployment, but the skill also performs additional behaviors: prerequisite key checks or auto-minting, optional POST registration to a third-party API, and local SVG generation. Even if these are described later in the file, they are outside the narrow top-level purpose statement and can materially affect user cost, privacy, and trust, especially because auto-minting and remote registration introduce extra transactions and data flows.

Description-Behavior Mismatch (Medium)
Confidence: 92%
Finding: The script claims to deploy NFT collections on-chain, but it also sends deployment metadata, including ownerAddress, nftAddress, containerId, and collection details, to an external API. This creates an undisclosed off-chain data flow and dependency that can leak user activity and ownership information, and could be abused if the endpoint is compromised or changed.

Context-Inappropriate Capability (Medium)
Confidence: 85%
Finding: The default REGISTER_API introduces off-chain network behavior that is not necessary for the core stated purpose of deploying NFTs on-chain. In a wallet-connected deployment script, extra outbound communications increase privacy risk and expand the trust boundary beyond the blockchain and RPC provider.

Missing User Warnings (Medium)
Confidence: 88%
Finding: If no required access NFT is present, the script automatically mints a 0xRabbit.agent Key and later proceeds with multiple blockchain transactions, all without an explicit confirmation gate. Because these operations are irreversible and consume gas, accidental execution or misuse of the script can directly cause unintended on-chain actions and financial loss.

Missing User Warnings (Medium)
Confidence: 94%
Finding: The script transmits collection metadata and ownerAddress to an external service during the normal deploy flow without a clear upfront privacy notice or consent prompt. Users may reasonably expect only blockchain and RPC interactions from an on-chain deployment tool, so this hidden disclosure can expose operational and identity-linked information.

VirusTotal

64/64 vendors flagged this skill as clean.
