Defipoly

Security checks across malware telemetry and agentic risk

Overview

Defipoly appears to be a real Solana game agent, but it asks for broad wallet/key access and can autonomously sign funded mainnet transactions with limited safeguards.

Install only if you are comfortable using a dedicated, low-balance Defipoly wallet. Do not import a primary Solana wallet or paste a valuable private key. Prefer generating a new wallet, keep only small SOL/DPOLY amounts in it, review transactions where possible, and delete .wallet.json plus cached /tmp tokens when done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
These instructions tell the agent to search the user's filesystem for wallet files beyond the minimum needed to play the game. Broad file discovery around cryptocurrency wallets is highly sensitive because it can expose financial accounts and enable collection of unrelated wallet metadata.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill instructs the agent to inspect discovered wallet files and extract public keys, then proceed toward importing a chosen wallet. Even if framed as convenience, this handles sensitive credential material and normalizes access to crypto-wallet data that exceeds the stated game-playing purpose.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill exposes a generic wallet-scanning capability that accepts arbitrary Solana addresses and returns SOL/DPOLY balances, which goes beyond the minimum functionality needed for the agent to play its own game account. While blockchain balances are public, packaging bulk balance inspection into an agent skill enables easy reconnaissance of targets and can directly support the skill’s steal-oriented gameplay features.

Missing User Warnings

High
Confidence: 99%
Finding
The setup flow directs the agent to search for wallet files and use private-key-based import without an explicit, prominent warning that sensitive credentials may be accessed. In a funded Solana wallet context, this creates a substantial risk of unauthorized credential exposure and loss of user funds.

Missing User Warnings

Medium
Confidence: 98%
Finding
The setup flow writes the full secret key to .wallet.json on disk in plaintext and does not present any warning about the sensitivity of that file or the risks of local credential exposure. Any local compromise, accidental commit, backup sync, or permissive file permissions could leak the wallet and allow complete theft of the agent’s funds and in-game assets.

Missing User Warnings

Medium
Confidence: 97%
Finding
The executeAction flow blindly signs a transaction blob built by the remote backend and submits it without independently validating transaction contents or requiring any user confirmation. This makes the wallet trust the server completely; if the backend is compromised or malicious, it could return a transaction that transfers assets or grants unintended authority instead of performing the advertised game action.

Ssd 3

High
Confidence: 99%
Finding
This section combines broad local wallet discovery with instructions to import a base58 private key into the game script. That is especially dangerous in this skill's context because the wallet is expected to be funded and used for on-chain transactions, so compromise of key material can directly result in theft of assets.

VirusTotal

66/66 vendors flagged this skill as clean.
