ClawHub

Virtuals

Security checks across malware telemetry and agentic risk

Overview

This Virtuals crypto CLI is mostly coherent, but it asks users to provide and persist a raw wallet private key with misleading safety wording and unclear mainnet/testnet boundaries.

Review before installing. Do not enter a main wallet private key. If you use it, use a fresh disposable wallet with minimal funds, assume ~/.openclaw/virtuals/config.json contains a recoverable wallet secret, and verify the network yourself because the code points to Base mainnet despite the testnet-only warning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The CLI stores a raw wallet private key in a local JSON config file despite providing mostly read-only functionality. Any local compromise, backup leak, accidental file sharing, or multi-user host exposure could reveal the key and allow full theft of blockchain assets controlled by that wallet.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The CLI explicitly tells users the private key is 'stored securely', but the implementation writes it as plaintext JSON to disk. This misrepresentation is especially dangerous because it encourages users to provide extremely sensitive credentials under false assurances, increasing the chance of wallet compromise.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The CLI tells users the private key is stored securely, but the code writes it in plaintext JSON to a local config file. This is dangerous because any local compromise, backup leak, shared home directory access, malware, or accidental file exposure can immediately reveal the user's blockchain private key and enable irreversible asset theft.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Passing a private key on the command line exposes it to shell history, process listings, logs, and telemetry tools on the host. Because this skill performs blockchain trading, compromise of the key can directly lead to irreversible loss of funds and unauthorized transactions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Accepting a private key via a command-line flag is unsafe because command arguments may be exposed through shell history, process listings, logs, or telemetry. Persisting that same value to disk compounds the exposure and creates multiple credential leakage paths for a highly sensitive secret.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The CLI accepts a raw private key via a command-line option and persists it locally without a meaningful warning. This is dangerous not only because the key is stored on disk, but also because command-line arguments may be exposed through shell history, process listings, audit logs, and telemetry, creating multiple paths for credential compromise.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal