Agentcast

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-related, but it handles wallet identity verification and private-key on-chain actions with under-disclosed routing and safety guidance.

Review carefully before installing. Use a burner or limited-funds wallet, verify the chain and contract addresses, prefer direct Neynar/API configuration over the AgentCast proxy unless you explicitly accept that data path, and do not paste a valuable private key into an untrusted or shared environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The script is documented as verifying a wallet on Farcaster, but by default it sends the signed verification payload, wallet address, FID, signer UUID, and block hash to an AgentCast-operated proxy instead of directly to Neynar. This introduces an unnecessary third-party data path for a sensitive identity-binding operation, increasing privacy, trust, and integrity risks if the proxy logs, alters, or misuses requests.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The code defaults to an AgentCast-controlled proxy whenever no Neynar API key is provided, even though wallet verification can be performed directly against the upstream service. In the context of an agent identity setup skill, this is more dangerous because users are being asked to link blockchain and social identities, so silently routing that operation through a third party expands surveillance and tampering risk during a high-trust onboarding flow.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation instructs users to set a raw PRIVATE_KEY and perform irreversible on-chain write operations, but it does not prominently warn about key exposure, transaction finality, or the risk of sending transactions to the wrong contract/network. In a wallet-registration workflow, these omissions can lead to credential compromise or unintended blockchain state changes that cannot be undone.

VirusTotal

65/65 vendors flagged this skill as clean.
