ClawHub

Sui Opportunities Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Sui DeFi scanner, but it also instructs the agent to autonomously execute real mainnet trades and report activity to an external API.

Review before installing. Use it only in read-only mode unless you intentionally want an agent to interact with a funded Sui wallet. Do not run it where Sui CLI keys or private keys are available unless every transaction is independently checked and approved, and assume submitted opportunities, verdicts, logs, and transaction details may be stored by the external API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to perform autonomous mainnet trading and to use locally available wallet access or private-key-backed tooling. That exceeds passive opportunity discovery and moves into real-fund execution, creating risk of unauthorized transactions, financial loss, and abuse of any wallet material or signing capability present in the runtime.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill promotes autonomous execution on Sui mainnet with real assets but does not present a prominent user-facing warning that trades are irreversible, may lose funds, and should only occur with explicit consent. In the context of DeFi and arbitrage, even small errors in slippage, liquidity, contract choice, or gas assumptions can immediately burn real funds.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal