plugy

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it gives an agent fund-controlling Solana trading authority while handling wallet secrets and mutable remote instructions.

Review before installing. Only use this if you trust plugy.fun, inspect the remote TRADE, CREATE, HEARTBEAT, and RULES files before use, keep funds small, require manual approval for trades, avoid autonomous mode unless tightly bounded, and store credentials in a secure secret manager instead of chat, agent memory, or plain local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The skill’s manifest presents a trading/token-creation capability, but the hub file also directs agents to fetch and run an autonomous heartbeat loop driven by external signals. Expanding from user-invoked trading into ongoing autonomous execution materially changes the risk profile, because an agent may perform repeated market actions without clear user confirmation boundaries or sufficient review of the downstream logic.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill instructs agents to store sensitive credentials in memory, environment variables, or local files, which increases the attack surface beyond immediate API use. In an agent setting, session memory and filesystem persistence are often accessible to other tools, logs, prompts, or later tasks, so API keys and wallet-related material can be exfiltrated and abused for unauthorized trading.

Missing User Warnings

High
Confidence: 96%
Finding
The registration flow tells the agent to display a wallet private key directly to the human in chat output, with no strong warning that chat transcripts, logs, integrations, or shared sessions may capture that secret permanently. Exposing a private key through normal conversational channels can immediately compromise custody of funds, especially in multi-tenant agent platforms where outputs may be stored or monitored.

VirusTotal

65/65 vendors flagged this skill as clean.