Crypto Address Checker

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate crypto address-checking skill, but it makes automatic external Etherscan lookups during normal checks despite repeatedly advertising those checks as local-only.

Install only if you are comfortable with uncached wallet addresses being sent to Etherscan during checks and with configuring an API key. Treat the included Etherscan key as exposed, prefer your own rotated key, and do not rely on the advertised local-only/no-third-party-sharing claims unless the skill is changed to require explicit opt-in for network sync.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (39)

Description-Behavior Mismatch

High
Confidence: 93%
Finding
The documentation explicitly states that the system routes to external scanners such as Etherscan and Solscan, which conflicts with the skill description claiming no external API calls during checks. In a security-sensitive scam detector, this mismatch is dangerous because users or downstream agents may trust the manifest and unknowingly expose queried wallet addresses or metadata to third-party services.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The API key and configuration sections show that the skill depends on live third-party services, directly contradicting the stated 'No external API calls during checks!' property. This is risky because operators may provision secrets and enable outbound connectivity under false assumptions, creating undisclosed data-sharing, compliance, and supply-chain exposure.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The README makes strong privacy and architecture claims such as 'No external API calls during checks' and 'Local processing only' while also describing background syncing and auto-queueing of unknown addresses for lookup against external services. Even if sync is not performed in the foreground check path, this documentation can mislead users into exposing wallet addresses or metadata to third parties without clear informed consent.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The security section claims 'No third-party data sharing' and 'Local processing only' despite the same README documenting use of Etherscan and ChainAbuse APIs. This is a materially misleading privacy/security representation that can cause users to trust the skill with sensitive blockchain addresses under false assumptions about where their data goes.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The documentation explicitly states that unknown-address checks will fetch data from Etherscan in real time, which contradicts the skill metadata claim that checks make no external API calls. This creates a security and trust issue because users and downstream agents may rely on the database-only guarantee when deciding whether it is safe to analyze sensitive wallet addresses.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
This section documents a runtime behavior change from offline/database-first analysis to automatic live syncing from Etherscan whenever an address is missing locally. That undermines the advertised trust boundary and can cause unexpected network egress, privacy leakage, and policy violations in environments that prohibit external calls during security-sensitive checks.

Intent-Code Divergence

Low
Confidence: 81%
Finding
The security section says the API key is only sent to Etherscan, but the credits/dependencies mention ChainAbuse API as well. Even if ChainAbuse is only optional or build-time, conflicting third-party disclosure weakens trust and can cause users to underestimate where data may go.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill markets checks as making no external API calls, but the documented convenience script says it will auto-sync if needed. In practice, this means a user can reasonably believe they are performing a local-only check while the workflow may trigger network activity and disclose queried addresses.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The submission documentation directly conflicts with the stated database-first, no-external-calls design by advertising multi-source verification and ChainAbuse API use during checks. This is dangerous because reviewers and users may trust privacy, determinism, and isolation guarantees that the skill does not actually honor, enabling undisclosed data exfiltration or policy bypass via remote lookups.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
Documenting optional Etherscan API use for transaction analysis contradicts the claim that no external API calls occur during checks. In an agent skill context, hidden or under-disclosed outbound requests can leak user-supplied wallet addresses and transaction details to third parties and violate marketplace review assumptions.

Intent-Code Divergence

Medium
Confidence: 89%
Finding
Saying no configuration is required while also describing API-key-based enhanced analysis is misleading operationally and security-wise. It can cause deployers to enable sensitive integrations without understanding credential handling, outbound network behavior, or review implications.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The data sources section explicitly lists ChainAbuse and optional Etherscan as runtime sources, contradicting the claimed no-external-calls scope. This matters because the skill handles potentially sensitive financial indicators, and undisclosed remote enrichment increases privacy, compliance, and trust risks.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
Advertising an active real-time API integration in deployment and demo text further confirms behavior inconsistent with the manifest's no-external-calls promise. In a security tool, this discrepancy is especially dangerous because users may rely on false assurances about offline analysis and data handling.

Context-Inappropriate Capability

High
Confidence: 100%
Finding
The submission exposes a hard-coded Etherscan API key in recommended configuration, creating an immediate secret leakage issue. Exposed API keys can be abused by third parties, tied back to the submitter's account, incur quota exhaustion or charges, and indicate poor secret management for a skill that may later handle more sensitive credentials.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The release notes explicitly describe routing checks to external scanner APIs and using separate API keys per blockchain, which conflicts with the skill metadata claim that there are no external API calls during checks. In an agent skill, this kind of documentation mismatch is security-relevant because operators may approve or deploy the skill under false assumptions about data flow, privacy exposure, network behavior, and secret handling.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The file presents the product as 'database-first' while also documenting live fetching from external explorers/scanner APIs during checks. This inconsistency can mislead reviewers and users about whether analysis is local versus network-dependent, increasing the risk of undisclosed outbound traffic, data leakage of queried wallet addresses, and incorrect trust decisions during installation.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The script's normal 'check' path silently performs a live Etherscan-backed sync when an address is missing from the local database, contradicting the stated 'No external API calls during checks!' behavior. This can leak user-supplied addresses to a third party, create unexpected network activity, and undermine trust in the skill's security/privacy model.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
A simple address-check operation conditionally depends on ETHERSCAN_API_KEY, meaning the script reaches for external-service credentials during what is presented as a local database-first scan. This expands the trust boundary, encourages users to provision secrets for routine checks, and can cause unintended disclosure of queried addresses to the external provider.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The file header and skill description promise a database-only checker with no external API calls during checks, but the code performs live lookups via blockchain explorer syncers whenever an address is missing from the local database. This mismatch is security-relevant because users and calling agents may rely on the stated privacy boundary and unknowingly disclose wallet addresses to third parties.

Intent-Code Divergence

High
Confidence: 96%
Finding
The module advertises itself as "Database-Only Checker" while implementing fallback real-time synchronization from external scanners. In a security-sensitive context, deceptive or inaccurate trust-boundary documentation can cause unsafe deployment decisions, especially where operators choose the tool specifically to avoid network egress or third-party data sharing.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The module clearly manages an Etherscan API key even though the skill metadata claims checks perform no external API calls. That mismatch is security-relevant because it can mislead users and reviewers about the skill's real data flows and create trust-based consent problems if other parts of the skill later use the key for outbound requests.

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The file presents itself as secure local key storage, but its stated purpose is specifically to support an external Etherscan API key. That framing can reduce user suspicion and obscure the presence of third-party service integration, which is dangerous in a security-sensitive skill that claims no external API use.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The setup script explicitly states it helps users configure an API key and later claims the key is encrypted and stored securely, which conflicts with the skill's description that checks make no external API calls. This inconsistency is dangerous because it can mislead users and reviewers about the skill's true data flows, potentially hiding outbound service dependencies, telemetry, or secret collection not disclosed in the manifest.

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The comments describe secure API key configuration even though the skill markets itself as using a database-first design with no external API calls during checks. In a security-sensitive crypto scam detection skill, such contradictions increase risk because users may trust the tool with sensitive wallet or investigation data under false assumptions about offline or local-only behavior.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The code makes live requests to Etherscan and transmits user-supplied wallet addresses plus an API key to an external service, directly contradicting the skill's stated "No external API calls during checks" scope. This is dangerous because it creates an undisclosed privacy and trust boundary: checks are no longer purely local/database-backed, and addresses being analyzed can be exposed to a third party along with operator credentials.

VirusTotal

66/66 vendors flagged this skill as clean.