Near Subaccount

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it can delete NEAR accounts and send funds without confirmation while building shell commands from unvalidated input.

Install only if you are comfortable letting an agent run NEAR CLI account operations with your configured account. Use a low-value or test account, inspect recipient files manually, verify amounts and account IDs before each run, and avoid automated use of delete or distribute until confirmation, dry-run, input validation, and safer command execution are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium (93% confidence)
Finding
The documented `delete` command enables destructive account operations without warning that deletion may be irreversible or may transfer/remove access to assets tied to the subaccount. Users may invoke it casually or through automation without understanding the permanence and account recovery implications.

Missing User Warnings

Medium (95% confidence)
Finding
Bulk token distribution performs financial transfers to multiple destinations, yet the skill documentation does not warn about irreversible transfers, malformed recipient lists, or accidental over-distribution. In a blockchain context, mistakes can immediately cause unrecoverable loss of funds at scale.

Missing User Warnings

Medium (91% confidence)
Finding
The delete operation immediately executes `near delete-account` with no confirmation prompt, dry-run mode, or explicit destructive warning at the point of action. In a CLI that manages real blockchain accounts and transfers remaining funds to a beneficiary, a typo, automation mistake, or maliciously supplied argument can cause irreversible loss of account control and unexpected fund redirection.

VirusTotal

66/66 vendors flagged this skill as clean.
