Whale Alert Monitor 鲸鱼监控

Security checks across malware telemetry and agentic risk

Overview

This paid crypto-monitoring skill is marketed as live whale tracking, but its core reports and alerts are generated from random simulated data.

Review carefully before installing or paying. Treat current outputs as demo or simulated data unless the publisher provides real blockchain/exchange integrations and clear data provenance. Verify billing behavior before running payment.py, use only trusted webhook destinations, protect bot tokens, and run the daemon only if you accept continuous local logging and history files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (19)

Tainted flow: 'webhook_url' from os.getenv (line 200, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
'embeds': [embed]
            }
            
            response = requests.post(webhook_url, json=payload, timeout=10)
            if response.status_code == 204:
                logger.info("✅ Discord通知已发送")
            else:
Confidence
91% confidence
Finding
response = requests.post(webhook_url, json=payload, timeout=10)

Tainted flow: 'webhook_url' from os.getenv (line 200, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
'timestamp': datetime.now().isoformat()
            }
            
            response = requests.post(webhook_url, json=payload, timeout=10)
            if response.status_code == 200:
                logger.info("✅ Webhook通知已发送")
        except Exception as e:
Confidence
95% confidence
Finding
response = requests.post(webhook_url, json=payload, timeout=10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises only monitoring functionality, yet static analysis detected effective capabilities for environment access, file reads/writes, and network operations without any declared permissions. Undeclared capabilities reduce transparency and informed consent, making it harder for users or platforms to assess what data may be accessed or where data may be sent.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose is whale-transfer monitoring, but the detected behavior includes external billing calls, a hardcoded API key, outbound notifications to third-party channels, and local file persistence. This mismatch is dangerous because hidden billing, secret misuse, and undisclosed data exfiltration paths can expose user data, create unauthorized charges, and undermine trust in the skill's stated scope.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill reads an environment-based user identity even though the advertised skill purpose is whale-tracking, not billing or account management. This broadens the skill's access to host-provided identity context and creates privacy and misuse risk, especially because the identifier is then transmitted to an external service and may default to a shared value.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The docstring claims the function only verifies whether a user has paid, but the implementation actually initiates a charge by calling charge_user. This mismatch is dangerous because callers may invoke a seemingly harmless check function and unknowingly trigger billing, enabling deceptive or unauthorized charges in contexts that expect a read-only verification step.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The function presented as data collection for exchange flow monitoring does not fetch real blockchain or exchange telemetry; it generates random synthetic transactions. In a paid skill marketed for whale tracking and large-transfer alerts, this is dangerous because users may make financial decisions based on fabricated data while believing it is live intelligence.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The demo prints operational claims such as monitoring Binance, detecting significant flows, and comparing exchanges, but every result is derived from random mock records. This can mislead operators into treating sample output as genuine market surveillance, especially given the surrounding product description and paid invocation context.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill advertises whale tracking, large transfer alerts, and exchange flow analysis, but this file implements only a static address list plus locally randomized records. In context, this is more dangerous than a harmless toy because the skill is user-facing, financially themed, and monetized, creating a strong risk of deceptive functionality that can drive harmful trading or operational decisions.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The function claims to compute PnL history but fabricates profits by crediting every sell with a fixed 10% gain, regardless of actual cost basis or market conditions. In a crypto whale-monitoring skill, this can materially mislead users into believing an address is consistently profitable, driving bad trading decisions and undermining trust in the analysis.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The code presents itself as analyzing a specific wallet address, but the trade history function ignores the address entirely and returns random simulated trades. In the context of a paid crypto monitoring skill, this is dangerous because users may act on fabricated wallet intelligence, potentially suffering financial loss from false alerts or false attribution of whale behavior.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
This code claims to monitor large on-chain transfers, but `fetch_recent_transfers` only fabricates random transaction data. In a paid monitoring skill, this is dangerous because users may rely on fake alerts for trading or operational decisions, creating deception and financial harm even though there is no direct code-execution risk.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The module documentation states that it monitors blockchain large transfers and sends alerts, but the implementation is only a simulation. This mismatch is a security-relevant integrity issue because it can mislead users into trusting nonexistent monitoring coverage, especially in a financial-alerting context.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill is presented as a whale tracker for monitoring real on-chain activity, but the core transaction retrieval logic fabricates random transactions instead of querying blockchain data. This can mislead users into making financial decisions based on false intelligence, which is especially dangerous in a paid crypto-monitoring skill.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The wallet balance reported to users is generated with a random value rather than computed from actual on-chain state. Because the displayed report and exported JSON include this fabricated balance, the skill produces materially false output while claiming to analyze whale wallets.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
Although the docstring mentions simulated transaction history, the overall module name, behavior, output formatting, and skill description market the tool as a genuine whale-monitoring system. This mismatch increases the risk that users will overlook the simulation note and trust fabricated analytics as real.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README promotes Telegram/Discord/Webhook notifications but does not disclose that wallet activity, addresses, labels, and potentially sensitive monitoring results will be sent to third-party platforms. In a crypto-monitoring context, this can expose trading intelligence or operationally sensitive data to external services and create privacy, confidentiality, and compliance risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The configuration example shows Telegram bot token and chat ID usage without any warning about secret handling, which can normalize unsafe credential practices such as hardcoding tokens into config files or committing them to version control. If exposed, a bot token can allow unauthorized message access or abuse of the notification channel.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code automatically charges the user during payment verification without a prior user-facing warning, confirmation, or authorization step. In a paid skill context this is especially risky because invocation of the skill can directly create financial impact, and the lack of explicit consent makes accidental or abusive billing much more likely.

VirusTotal

67/67 vendors flagged this skill as clean.
