Security audit

Onchor Clawhub

Security checks across malware telemetry and agentic risk

Overview

The skill matches its API marketplace purpose, but it gives an agent high-impact access to a USDC-funded account without enough credential and transaction safeguards.

Install only if you are comfortable letting the agent access an Onchor account that can hold and spend USDC. Store the oat_ token only in a secure secret store, avoid putting it in chat memory or logs, verify the npm/MCP package before running it, and require explicit human approval for every paid call, purchase, subscription, listing edit/delete, wallet/webhook change, and withdrawal.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to save a long-lived `oat_` API token to memory/notes, but provides no safeguards around secret storage, scope, retention, or redaction. In an agent environment, notes/memory may be exposed to other tools, prompts, logs, or sessions, so this guidance can lead to credential leakage and account takeover.

Missing User Warnings

Medium
Confidence: 92%
Finding
The withdrawal section describes transferring USDC to an arbitrary Solana wallet without a clear confirmation or warning that this moves funds and may be irreversible. In an agent-driven workflow, such instructions can normalize autonomous fund transfers and increase the risk of accidental or prompt-induced exfiltration of financial assets.

Missing User Warnings

Medium
Confidence: 91%
Finding
The profile update example allows changing `wallet_solana` and `webhook_url` without warning that these fields can redirect payouts or send sensitive event data to attacker-controlled endpoints. For an agent skill, this is dangerous because a manipulated instruction could silently reroute money or outbound data.

VirusTotal

66/66 vendors flagged this skill as clean.