ClawHub
Back to skill

Security audit

Solana Token Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it stores Telegram bot credentials in local plaintext config and gives broad autonomous monitoring instructions.

Install only if you are comfortable with this skill making repeated DexScreener requests and optionally sending Telegram messages. Use a dedicated Telegram bot token, assume it can be recovered from local config files, rotate or revoke it if exposed, and only enable monitors when you explicitly want ongoing alerts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation indicates it reads and writes local monitor configuration files and makes outbound network requests, but it does not declare corresponding permissions. That creates a transparency and policy-enforcement gap: users and any hosting agent may underestimate the skill's access, especially since it can also optionally send messages to Telegram using user-supplied credentials.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger guidance is broad enough that an agent could invoke this skill during ordinary discussion of token performance, causing unintended monitoring actions or repeated external calls. In an autonomous agent context, vague activation criteria increase the chance of acting without clear user consent, which can create privacy, cost, and operational risks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The instructions encourage passing Telegram bot credentials on the command line and storing them in config, but provide no safeguards around secret handling, redaction, retention, or user consent. Command-line secrets can be exposed through shell history, process listings, logs, or agent traces, making credential compromise more likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal