Clawked

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned for Ceaser, but it handles ETH withdrawals and note secrets through an unpinned external npm command, so it belongs in Review.

Install only if you trust the skill publisher and the `ceaser-mcp` npm package. Before any shield, unshield, import, or settle action, require explicit confirmation of Base network, amount, recipient address, fees, and note ID. Treat backup strings and `~/.ceaser-mcp/notes.json` as private keys: do not paste them into shared chats or logs, and keep the file protected.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs users to import note backup strings and states that notes are stored at ~/.ceaser-mcp/notes.json, but it does not give strong, explicit operational-security guidance at the import/storage step. In this protocol, the backup string and local notes file effectively function as spend credentials: anyone who obtains them can likely unshield funds, so insufficient warning materially increases risk of theft through logging, shell history, backups, or weak filesystem permissions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal