ClawHub

Linkdrop Agent CLI

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can immediately sign and broadcast real crypto transactions from a private key without a built-in confirmation step.

Install only if you are comfortable giving this CLI a dedicated, low-balance wallet private key and allowing it to submit blockchain transactions. Review the amount, token, chain, destination, and claim URL before every run, keep secrets out of logs and repositories, and avoid using a primary wallet.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The usage description for creating a Linkdrop claim link omits that the action funds and initiates a real on-chain transfer from the local wallet. In an agent setting, this can lead to unintended asset movement because users may interpret the command as merely generating a link rather than spending funds and signing transactions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions tell users to provide PRIVATE_KEY and other secrets but do not include a strong security warning about the sensitivity of those credentials. Because a blockchain private key grants direct control of funds, insufficient warning materially increases the risk of unsafe storage, accidental disclosure, or misuse in shared or automated environments.

Missing User Warnings

High
Confidence
89% confidence
Finding
The sendTransaction wrapper submits signed blockchain transactions directly with walletClient.sendTransaction and does not enforce any confirmation, policy check, or transaction allowlist before broadcasting. In an agent skill context, this is dangerous because upstream prompts or tool invocations could cause irreversible on-chain transfers without an explicit final approval boundary.

Missing User Warnings

High
Confidence
95% confidence
Finding
sendClaimableTransfer creates a claim link and immediately deposits funds on-chain, which is an irreversible asset movement. In the context of an agent CLI skill that holds a private key in environment variables, this creates a meaningful risk of unauthorized or accidental fund transfer if the function is triggered by untrusted input or insufficiently reviewed automation.

Missing User Warnings

High
Confidence
84% confidence
Finding
Redeeming a claim link changes external state and may finalize the transfer of assets to the provided destination address without any built-in confirmation or validation beyond basic address format checks. In an agent setting, this can enable accidental redemption to the wrong address or unauthorized execution of a claim operation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal