ERC-8004 Trustless Agents

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for ERC-8004 blockchain workflows, but it can use a raw Ethereum private key to send real, irreversible transactions with limited safety prompts.

Review before installing. Use a dedicated low-balance wallet, prefer Sepolia and --dry-run first, verify the contract addresses and network, avoid passing private keys on the command line, and do not let an agent run mainnet register, set-uri, or feedback commands without your explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium, 93% confidence
Finding:
The README instructs users to export a private key and run a registration command on mainnet without clearly warning that this will broadcast a real on-chain transaction, spend ETH for gas, and be irreversible once confirmed. In a wallet- or key-handling workflow, omission of transactional risk disclosure can mislead users into taking costly actions with production credentials.

Missing User Warnings

Medium, 92% confidence
Finding:
The feedback examples present agent rating as a simple command but do not disclose that submitting feedback may write to chain, consume gas, and be irreversible. Because the skill centers on Ethereum interactions, this omission increases the chance that users will execute state-changing commands on mainnet without understanding the financial and permanence implications.

Missing User Warnings

Medium, 94% confidence
Finding:
The documentation encourages mainnet registration, metadata updates, and feedback operations without warning that these are real blockchain transactions with gas costs and irreversible state changes. Users or agents may trigger expensive or unintended on-chain writes under the assumption that these are low-risk informational commands.

Missing User Warnings

Medium, 93% confidence
Finding:
The skill instructs users to store or provide a private key via a fixed file path or environment variable without any handling safeguards. In agent environments, this can lead to credential exposure through logs, process inspection, insecure filesystem permissions, or accidental reuse by unrelated tasks.

Missing User Warnings

Medium, 90% confidence
Finding:
The function sends the provided file to Pinata using curl without any inline warning, confirmation prompt, or validation of what is being uploaded. In an agent skill context, users may treat helper scripts as local-only blockchain tooling, so silent transmission of arbitrary file contents to a third-party service increases the risk of accidental disclosure of sensitive metadata or secrets.

Missing User Warnings

Medium, 92% confidence
Finding:
The script accepts and directly uses a private key to send an on-chain transaction without any explicit warning, interactive confirmation, or safety prompt immediately before broadcast. In a CLI skill intended for agent registration and reputation actions, this increases the risk of accidental signing on the wrong network, with unintended parameters, or after unsafe key handling practices, leading to irreversible blockchain transactions and possible fund exposure if users pass raw keys on the command line.

VirusTotal

64/64 vendors flagged this skill as clean.
