Agent Identity Protocol

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it gives an agent durable private-key and USDC transaction authority with warnings and confirmations that are not strong enough for that level of risk.

Install only if you are comfortable with a blockchain identity tool that stores a local private key and can sign, approve, stake, link accounts, and vouch on-chain. Use a fresh low-value key, verify the registry contract and REGISTRY_ADDRESS before transactions, avoid importing a main wallet key, and do not allow register, link, or vouch commands to run automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium, 95% confidence
Finding
The feature list advertises staking and account linking but does not prominently warn that these actions generate blockchain transactions, may cost funds, and permanently expose identity associations on a public ledger. In an identity skill, this context makes the omission more dangerous because users may unintentionally dox cross-platform accounts or lock funds in staking flows.

Missing User Warnings

Medium, 94% confidence
Finding
The setup flow instructs the user to generate a signing key and store it under the home directory before giving an upfront warning that sensitive credentials will be created on disk. This is risky because users may proceed without understanding backup, theft, or multi-user host implications, and the key appears central to identity authentication.

Missing User Warnings

Medium, 91% confidence
Finding
This code persists `keyData`, which includes private key material used for blockchain signing, to a predictable file under the user's home directory. Although the directory and file modes are restricted to `0700`/`0600`, storing plaintext private keys on disk materially increases the risk of key theft from local compromise, backups, malware, or accidental disclosure; in this skill's context, compromise of the key can directly enable unauthorized on-chain actions and loss of staked or controlled assets.

VirusTotal

64/64 vendors flagged this skill as clean.
