Cortex Protocol

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it handles a blockchain private key and public registration details in ways users should review carefully before running.

Install only if you are comfortable registering a public on-chain agent identity. Prefer generating or managing the controller address in a trusted wallet and passing only the public address to the script. Do not run the default wallet-generation path in shared terminals, CI, recorded sessions, or agent logs, because it prints the private key. Use a pseudonymous agent name instead of the hostname default, and treat the resulting token, address, and transaction as persistent public records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill includes shell commands that make network requests and handle sensitive identity-related data, but it does not declare any permissions or clearly scope those capabilities. This increases the chance that an agent or user will execute external actions without informed consent or sandboxing expectations.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The skill tells users to generate a wallet and print the private key directly to the terminal, with no warning about secure storage, terminal history, logging, or the risk of key compromise. Exposed Ethereum private keys can lead to permanent account takeover and loss of control over the registered on-chain identity and any assets later associated with that wallet.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The registration example derives the submitted agent name from $(hostname), which discloses host-identifying information to a third-party API without warning. In agent or enterprise environments, hostnames often reveal user, organization, environment, or infrastructure details that aid tracking or targeting.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The script generates a fresh wallet and prints the private key directly to stdout, which can be captured by terminal logs, shell history tooling, CI/CD logs, screen recording, remote session transcripts, or other users with terminal access. Because possession of the private key grants control over the on-chain identity, exposing it this way can immediately compromise the newly created account.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content (flagged snippet, truncated in the scan output):
Register your agent with a single API call:

```bash
curl -X POST https://cortexprotocol.co/api/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "YourAgentName",
    "controller": "0xYOUR_ETH_ADDRESS",
    "metadataURI": "https://e
```

Confidence: 89%
Finding: The registration command above sends the chosen agent name and controller address to the external cortexprotocol.co API.

VirusTotal

63/63 vendors flagged this skill as clean.
