nadfun

Security checks across malware telemetry and agentic risk

Overview

The skill matches its NadFun crypto-launchpad purpose, but it includes high-impact wallet, token approval, API-key, and remote-download instructions that need careful review before use.

Install only if you are comfortable with a skill that guides agents through real crypto wallet and NadFun account operations. Use a dedicated low-balance wallet, never paste or log production private keys or session cookies, avoid unlimited approvals unless you intentionally accept the risk, verify contract/spender addresses and network before signing, and review any files downloaded from nad.fun before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (17)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document explicitly advises users to never hardcode API keys, then immediately shows source examples that assign an API key string directly in code. Even though the value is a placeholder, this normalizes insecure handling of secrets and can lead developers or agents to copy the pattern into production, increasing the chance of credential leakage through source control, logs, or prompt/context exposure.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
This section repeats hardcoded API key usage after stating that keys should be stored securely and never committed to source. Repetition in setup examples materially increases the likelihood that downstream integrations, including autonomous agents, will adopt insecure secret-handling practices.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The complete example hardcodes an API key variable despite the earlier security best-practice guidance. End-to-end examples are especially likely to be copied verbatim, so this contradiction can directly propagate insecure secret management into real deployments.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill’s safety guidance says to approve only the amount needed, but elsewhere it explicitly demonstrates unlimited approvals and the complete workflow auto-approves the maximum uint256 allowance. That inconsistency is dangerous because operators or downstream agents may follow the copy-paste examples and grant permanent token spend authority to a spender, greatly increasing loss if the spender is compromised, upgraded maliciously, or misconfigured.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The example explicitly prints a generated private key to the console, which can expose wallet secrets through terminal history, log aggregation, screenshots, CI output, or developer tooling. Because this is a wallet-generation skill, users are likely to copy the example directly, making accidental key disclosure and full wallet compromise a realistic outcome.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The document presents state-changing trading, token creation, burning, approval, permit, and configuration operations as straightforward integration references without clearly warning that many calls are irreversible, can transfer value, or may require elevated privileges. In an agent-skill context, this can increase the chance that downstream tooling or users invoke dangerous methods blindly, leading to financial loss, failed transactions, misuse of signatures, or accidental admin-call attempts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to upload token images and metadata to third-party APIs and IPFS-backed storage without a clear warning that the content leaves the local device and may become remotely stored and publicly retrievable. Users may unintentionally disclose proprietary artwork, personal information, or branding assets under the mistaken assumption that the operation is local or temporary.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide tells users to perform on-chain token creation and optional initial buys involving MON value, but it does not clearly warn that blockchain transactions are public, spend real funds, and are generally irreversible once signed and broadcast. In an agent skill context, this omission is especially risky because users may treat the instructions as routine automation and authorize costly actions without appreciating the financial consequences.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide instructs users to extract a session cookie from a login response and reuse it for authenticated requests, but it does not warn that the cookie is a bearer credential equivalent to an authenticated session. In an AI-agent or automation context, such cookies are likely to be logged, persisted, or forwarded to other tools, enabling account takeover or API-key creation if exposed.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The examples use `privateKeyToAccount("0x...")` without any accompanying warning about secure key sourcing, storage, and non-hardcoding requirements. In agent skills, users often copy examples verbatim, so this pattern can normalize embedding private keys in code, environment dumps, chat logs, or repositories, which can directly lead to wallet compromise and fund theft.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The examples load a raw private key from an environment variable and immediately use it for transaction signing and permit signing, but the document does not prominently warn that this key controls funds and should not be exposed, logged, hardcoded, or reused casually. In an agent-skill context, copy-paste-ready code can normalize unsafe key handling and lead users to run signing flows with production credentials without understanding the sensitivity.

Missing User Warnings

High
Confidence
96% confidence
Finding
The approval section includes both standard approvals and an explicit infinite-approval example without a strong warning that approvals let the spender move the user’s tokens, potentially long after the initial action. In this skill context, the examples are positioned as production-ready and self-contained, which makes it more likely an agent or user will apply them directly and expose assets to unnecessary spender risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The transfer examples perform on-chain token transfers but do not explicitly warn that blockchain transfers are generally irreversible once confirmed and that sending to the wrong address or wrong chain can permanently lose funds. Because the skill is aimed at operational use and is copy-paste-ready, omitting that warning increases the chance of accidental asset loss by users or automated agents.

Missing User Warnings

High
Confidence
97% confidence
Finding
The permit-signature section explains how to generate and expose an ERC-2612 signature but does not clearly warn that anyone holding that signature can often submit it to authorize token spending without a separate approval transaction. In an agent setting, this is especially dangerous because signatures may be logged, returned to other components, or shared externally, effectively acting as a transferable spend authorization until expiry or nonce invalidation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide explicitly includes mainnet configuration and a testing checklist item to 'Test on mainnet with real values' without any prominent warning that transactions are irreversible and involve real funds. In a trading skill, that omission materially increases the risk of accidental financial loss by users who may treat the examples as safe defaults or routine test steps.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Printing a private key in sample code without an immediate warning normalizes unsafe handling of credentials and encourages copy-paste misuse in real environments. Any exposed private key grants complete control over the associated account, so disclosure can directly lead to theft of funds or unauthorized signing.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The complete example again logs the private key, increasing the chance that readers will treat this as recommended practice in a production-like wallet client workflow. In the context of blockchain wallets, private key exposure is especially dangerous because compromise is immediate and irreversible once an attacker uses the key to transfer assets or sign transactions.

VirusTotal

66/66 vendors flagged this skill as clean.
