Monolith — Crypto Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto-wallet skill that can move funds within configured policy limits. Users should treat it carefully, but the artifacts are consistent with that purpose.

Install only if you understand that an AI agent may move crypto assets automatically within the policy you configure. Use conservative caps and allowlists, verify the downloaded macOS daemon/companion source, keep the audit log enabled, and avoid funding the wallet with more value than you are comfortable exposing to automated policy-based actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly states that in-policy transfers and swaps can execute automatically on autopilot, but it does not present a prominent warning about the financial risk of autonomous value transfer. In a wallet context, this is materially dangerous because prompt injection, agent misinterpretation, compromised allowlists, or bad policy configuration could lead to real asset movement without a fresh human confirmation.

Missing User Warnings

Medium
Confidence: 87%
Finding
This client exposes highly sensitive and potentially destructive daemon actions such as sign, panic, policyUpdate, allowlistUpdate, setup, and setupDeploy as simple method calls with no built-in confirmation, capability gating, or caller-context checks. In the context of a crypto wallet skill for AI agents, this is especially dangerous because an upstream prompt injection, compromised tool caller, or confused agent workflow could trigger irreversible wallet, policy, or deployment actions programmatically.

Missing User Warnings

Medium
Confidence: 86%
Finding
The file exposes a direct deployWallet() helper that triggers an on-chain deployment via daemon.setupDeploy() without any confirmation gate, explicit consent check, or even a warning in the returned workflow data. In an agent setting, this increases the chance that an LLM or upstream caller performs a state-changing blockchain action automatically, causing unintended fees, deployment of the wallet before the user is ready, or policy bypass at the UX layer.

VirusTotal

64/64 vendors flagged this skill as clean.
