Saturnzap

Security checks across malware telemetry and agentic risk

Overview

SaturnZap appears to be a legitimate Lightning wallet skill, but it gives agents real spending power and includes setup paths that can expose wallet secrets or install a persistent service.

Review before installing on any host with real funds. Prefer signet or a low-balance wallet first, initialize with `--backup-to` and `--no-mnemonic-stdout`, keep `SZ_PASSPHRASE` out of chat and production `openclaw.json`, enforce `--max-sats` and spend-cap environment variables, and only run the remote installer or `sz service install` after checking what they change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: High
Confidence: 84%
Finding
Documenting service installation, status, and uninstall operations gives the skill host-level persistence and service-management capabilities that are broader than routine wallet/payment actions. In an agent setting, this increases the blast radius from payment operations to system modification, enabling persistence, unauthorized service changes, or interference with the host if exposed without strict controls.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The JSON contract shows `sz init` returning the wallet mnemonic on stdout, which is commonly captured by logs, agent traces, or downstream tooling. Exposing seed phrases in routine command output creates a direct wallet-compromise path because anyone who sees the mnemonic can fully recover and drain the wallet.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The `sz fetch` contract describes a network fetch that can automatically pay an L402 challenge, but the documentation lacks a prominent warning that external requests and real monetary payments may both be triggered. In an autonomous agent context, this can lead to unintended outbound network access and unreviewed spending against attacker-controlled endpoints within the configured cap.

VirusTotal

64/64 vendors flagged this skill as clean.