Slv Validator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Solana validator operations skill, but users should treat its setup, cleanup, identity-switching, and external monitoring commands as high-impact infrastructure actions.

Install only if you operate Solana validator infrastructure and are comfortable reviewing Ansible playbooks and shell setup steps. Before running cleanup, identity-switching, migration, or monitoring commands, confirm the target host, validator identity, key handling, RPC endpoint, and rollback plan; avoid placing API keys directly in shell commands or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill explicitly warns against hardcoding private infrastructure IPs, yet it embeds fixed shred receiver IP addresses and region mappings. This creates security and operational risk because infrastructure details become stale, expose service topology, and may direct operators to endpoints that change ownership, become unavailable, or are inappropriate for a given environment.

Missing User Warnings

Medium
Confidence: 80%
Finding
The skill documents `slv v cleanup` / `rm_ledger.yml` as a routine operation but does not warn that it deletes ledger and snapshot data, which can cause data loss, lengthy resynchronization, and possible service disruption if run on the wrong host or at the wrong time. In an agent-assisted workflow, omission of explicit destructive-operation warnings increases the chance that a user or automation invokes it without understanding the operational consequences.

Missing User Warnings

Medium
Confidence: 75%
Finding
The documented identity-switching and zero-downtime migration operations affect validator identity state and availability, yet the skill provides no warning about risks such as accidental failover errors, double-signing safeguards, downtime, or activating the wrong identity. Because validator operations are safety-sensitive, an agent following this documentation could guide a user into high-impact state changes without appropriate caution.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script automatically installs software and may invoke privileged package manager commands without first obtaining explicit confirmation from the user. In a setup script for an agent skill, this increases risk because running it causes immediate system changes and possible privilege escalation prompts, which is dangerous if users treat the script as a harmless prerequisite checker.

External Transmission

Medium
Category
Data Exfiltration
Content
3. **Slot Sync Check** (every 60 seconds, after RPC responds):
   ```bash
   # Network latest slot (requires ERPC API key or other reference RPC)
   NETWORK_SLOT=$(curl -s "${REFERENCE_RPC_URL}" \
     -H 'Content-Type: application/json' \
     -d '{"jsonrpc":"2.0","id":1,"method":"getSlot"}' | jq -r '.result')
   ```
Confidence: 82%
Finding
curl -s "${REFERENCE_RPC_URL}" \ -H 'Content-Type: application/json' \ -d

VirusTotal

63/63 vendors flagged this skill as clean.
