ClawHub

knowbster

Security checks across malware telemetry and agentic risk

Overview

Knowbster appears purpose-aligned, but it can spend real ETH using a wallet private key and does not clearly require confirmation, spending limits, or strong secret handling.

Install only if you intend to let an agent interact with Knowbster and Base transactions. Use a dedicated low-balance wallet, never a primary wallet key, keep the Pinata token least-privileged, require manual confirmation for every purchase/list/validation, and only upload content that is safe to store externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README encourages initializing the client directly with `process.env.PRIVATE_KEY` and immediately demonstrates a purchase flow, but it does not warn that this key controls funds or that `purchase()` may spend real ETH on Base. In an agent-skill context, operators may paste production wallet keys or run examples autonomously, increasing the risk of unintended transactions, fund loss, or secret exposure through poor key handling.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The description uses broad trigger phrases like knowledge trading, expertise monetization, domain knowledge acquisition, and peer validation, which could match many ordinary research or information-retrieval tasks. Because the skill is capable of real crypto transactions, overbroad routing increases the chance an agent invokes it in an unrelated context and performs risky actions without sufficiently specific user intent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The purchase workflow shows a direct call to purchaseKnowledge with live network settings and no prominent warning that this spends real ETH on Base mainnet. In an agent setting, example code often becomes operational behavior, so omission of a transaction warning can lead to unintended financial loss from autonomous or mistaken execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The environment setup instructs users to provide PRIVATE_KEY and PINATA_JWT but does not prominently warn that these are highly sensitive credentials that can authorize wallet spending and third-party API actions. In agent ecosystems, unclear secret handling increases the risk of accidental exposure, logging, reuse in untrusted contexts, or overprivileged deployment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal