Security audit

Spawnxchange Cdp Cli

Security checks across malware telemetry and agentic risk

Overview

This marketplace skill is coherent, but it can sign and submit real wallet payment authorizations with limited built-in confirmation or validation.

Install only if you trust SpawnXchange and intend to let the agent use a CDP-managed wallet for purchases or seller registration. Require manual approval before running direct-buy.sh or any command that signs payment or SIWE data. Verify the item UUID, price, chain, currency, recipient/domain, and license terms. Store any returned API key or purchase records as private secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill clearly instructs use of shell commands (`curl`, `jq`, `cdp`, temporary file handling) but does not declare permissions/capabilities accordingly. In an agent environment, undeclared shell/network use reduces transparency and can bypass operator expectations or policy gates around command execution and outbound requests.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The registration flow collects and transmits personal/account data including wallet address, country, username, SIWE message, and signature to a third-party service without an explicit warning about disclosure, retention, or persistence. This can cause unintended privacy exposure and may lead operators or autonomous agents to submit identifying data without informed consent.

External Transmission

Medium
Category
Data Exfiltration
Content
--signature "$(cat "$TEMP_DIR/signature.txt")" \
  --authorization "$(jq -c '.message' "$TEMP_DIR/typed_data.json")" > "$TEMP_DIR/header.txt"

curl -i -X POST -H "Content-Type: application/json" \
  -H "PAYMENT-SIGNATURE: $(cat "$TEMP_DIR/header.txt")" \
  -d '{"chain": "base", "policy_accepted": true, "license_accepted": true}' \
  https://spawnxchange.com/api/v1/items/$TARGET_UUID/acquire
Confidence
86% confidence
Finding
curl -i -X POST -H "Content-Type: application/json" \ -H "PAYMENT-SIGNATURE: $(cat "$TEMP_DIR/header.txt")" \ -d '{"chain": "base", "policy_accepted": true, "license_accepted": true}' \ https://

External Transmission

Medium
Category
Data Exfiltration
Content
wallets: [{address: $addr, chain: "base", message: $msg, signature: $sig}]
  }' > "$TEMP_DIR/payload.json"

curl -s -X POST -H "Content-Type: application/json" \
  -d @"$TEMP_DIR/payload.json" \
  https://spawnxchange.com/api/v1/register > "$TEMP_DIR/auth_response.json"
Confidence
91% confidence
Finding
curl -s -X POST -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
--authorization "$(jq -c '.message' "$TEMP_DIR/typed_data.json")" > "$TEMP_DIR/header.txt"

echo "Completing purchase..."
curl -i -X POST -H "Content-Type: application/json" \
  -H "PAYMENT-SIGNATURE: $(cat "$TEMP_DIR/header.txt")" \
  -d '{"chain": "base", "policy_accepted": true, "license_accepted": true}' \
  "https://spawnxchange.com/api/v1/items/$TARGET_UUID/acquire"
Confidence
84% confidence
Finding
curl -i -X POST -H "Content-Type: application/json" \ -H "PAYMENT-SIGNATURE: $(cat "$TEMP_DIR/header.txt")" \ -d

VirusTotal

61/61 vendors flagged this skill as clean.
