ClawHub

Kasia

Security checks across malware telemetry and agentic risk

Overview

The skill fits its Kasia messaging purpose, but it handles wallet seed material and persistent local decrypted-message/config data in ways users should review carefully before installing.

Install only after reviewing the external kasia-mcp and kaspa-mcp code you will run. Use a dedicated low-balance wallet, do not pass your primary mnemonic on the command line, lock down or avoid plaintext mcporter secret storage, and manually confirm every mainnet transaction before broadcast.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to run setup and background-polling workflows that can create or modify local files, including mcporter configuration and message logs, but it does not declare or warn about file-write capability. Hidden persistence and local storage are security-relevant because they can alter agent environment state and may save decrypted message content or wallet-related configuration without explicit user awareness.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The declared purpose is messaging, but the instructions also cover dependency installation, building software, editing runtime configuration, registering MCP servers, and handling highly sensitive secrets such as wallet mnemonics or private keys. This mismatch is dangerous because a user or agent may invoke the skill expecting simple messaging behavior while it performs privileged environment changes and secret-handling operations outside the stated scope.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The background polling guidance explicitly recommends writing newly decrypted messages to a local file, but it provides no warning that sensitive conversation content will be stored unencrypted on disk. In the context of an encrypted messaging skill, this undermines confidentiality expectations and can expose private messages to other local users, backups, logs, or malware.

Missing User Warnings

High
Confidence
96% confidence
Finding
The script explicitly accepts a wallet mnemonic as a command-line argument and later persists it into configuration, which exposes extremely sensitive key material through shell history, process listings, CI logs, and local files. In the context of a blockchain messaging/payment skill, compromise of the mnemonic can lead to full wallet takeover, message decryption, and unauthorized transactions.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script writes the mnemonic into the mcporter JSON config under the server environment, creating a plaintext at-rest copy of wallet secrets. Any local user, backup system, malware, or accidentally shared workspace/config can recover the seed phrase and gain complete control over associated Kaspa assets and potentially access encrypted communications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal