permissionless prediction markets

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate blockchain trading skill, but it can use a wallet private key to submit live on-chain transactions and persistent token approvals without enough safety controls.

Install only if you understand it can move real funds on Base. Use a dedicated low-balance wallet, avoid primary wallet keys, review contract addresses and token allowances, prefer exact approvals over unlimited approvals, and manually confirm transaction parameters before broadcasting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill clearly requires access to sensitive environment data, including a wallet private key, but does not declare permissions or present that requirement as a formal capability boundary. In an agent setting, undeclared secret access reduces transparency and can lead to unsafe execution contexts where operators do not realize the skill can consume signing credentials.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill instructs users to export a raw wallet private key directly into the environment without a strong warning about key theft, shell history leakage, process inspection, or using a dedicated low-value wallet. Because this skill performs live on-chain actions on Base, compromise of that key can immediately lead to loss of all funds controlled by the wallet.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The documentation normalizes unlimited ERC20 approvals and emphasizes UX benefits without an equally prominent warning that a compromised or buggy contract, SDK, or operator flow could drain all approved token balances. In a DeFi trading skill that accepts arbitrary ERC20 collateral, this materially increases financial risk beyond the amount intended for a single trade or market creation.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The API reference instructs users to supply a raw wallet private key directly in client configuration without any warning about secure secret storage, environment isolation, or the risk of exposing signing authority. In a blockchain trading SDK, disclosure of that key would allow full theft of funds and unauthorized transactions from the wallet, so normalizing this pattern increases the chance of unsafe integrations.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The examples demonstrate market creation and trading transactions that move real on-chain assets but do not warn that these actions are live, irreversible, and may incur slippage, gas costs, and permanent loss if misused. In the context of a prediction-market SDK on Base, omission of these warnings makes accidental real-fund execution more likely, especially for developers copying examples into production or testing against mainnet defaults.

Missing User Warnings

Medium
Confidence: 87%
Finding:
The examples demonstrate real on-chain actions—market creation, trading, settlement, and redemption—against Base mainnet without any explicit warning that these operations can move funds, incur gas costs, and have irreversible financial consequences. In an agent skill context, examples are often copied directly into automations, so omitting safety framing materially increases the risk of unintended real-asset execution.

Missing User Warnings

Medium
Confidence: 82%
Finding:
The documentation instructs users to load a private key directly from environment variables but does not warn about secret exposure, hot-wallet risk, or the danger of using production keys in sample code. In this skill's context, where the client is used for live blockchain trading and settlement, compromised or misused credentials could lead directly to unauthorized transactions and loss of assets.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The script submits a live blockchain trade immediately after parsing CLI arguments and fetching market info, without any interactive confirmation or explicit non-interactive safety flag. In a financial trading skill that uses a wallet private key and can move real funds on Base, this increases the risk of accidental execution from mistyped parameters, automation mistakes, or deceptive wrapper tooling.

VirusTotal

59/59 vendors flagged this skill as clean.
