ClawHub

Hot Fun Integration

Security checks across malware telemetry and agentic risk

Overview

This skill coherently creates Solana meme tokens, but it gives a CLI full wallet-signing authority and signs a remote API-provided transaction without requiring transaction review first.

Install only if you trust the publisher and the npm package source. Use a fresh low-balance wallet, avoid @latest or npx auto-install when possible, never paste the private key into chat, and require a decoded transaction preview before allowing any signing or broadcast.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares only allowed shell commands, but its documented behavior clearly requires sensitive environment access and outbound network communication to external services and Solana RPC. This mismatch weakens security review and permission transparency, increasing the chance that an agent or user enables a skill without understanding that it can use a private key and perform irreversible on-chain actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The top-level description presents the skill as a JSON-returning token-creation helper, but the actual documented flow signs messages with a wallet private key, sends authenticated data to a third-party API, and broadcasts a blockchain transaction. That understatement is dangerous because it obscures custody-sensitive behavior and irreversible financial actions, making unsafe approval or use more likely.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation directs users to sign and submit a Solana transaction using a wallet private key but does not warn that the returned transaction is constructed by a remote API and may have irreversible on-chain effects. In this skill context, that omission is especially risky because users may blindly sign a server-supplied transaction, potentially authorizing unintended asset transfers, authority changes, or other harmful actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The authentication flow instructs users to generate an Ed25519 signature with the wallet private key, but provides no warning about private key sensitivity, secure storage, or the danger of exposing signing material in tooling, logs, or automation. In a CLI/agent setting, this increases the chance that users paste raw keys into scripts or agent configs, leading to wallet compromise and unauthorized blockchain actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal