Web3 Graphql

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent, but it asks users to paste API keys into chat and forwards upstream endpoint credentials to an external MCP gateway without a defined trust boundary, user notice, or redaction step.

Install only if you trust the Hermes Ask GraphQL MCP gateway with your GraphQL endpoint URLs, prompts, and any headers you provide. Prefer public endpoints, avoid pasting long-lived production API keys or bearer tokens into chat, and use scoped temporary credentials that can be rotated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The skill is configured to trigger by default for broadly defined blockchain/Web3 requests, which can cause over-invocation and unnecessary routing of user prompts to an external MCP service. In context, this increases the chance that unrelated or sensitive user content is sent to third-party infrastructure without sufficiently narrow user intent or confirmation.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill explicitly instructs forwarding the user's natural-language request and potentially sensitive headers such as endpoint authorization and API keys over HTTP to an external gateway, but it does not require user notice, consent, or redaction safeguards. In this context, the danger is elevated because Web3 analysis may involve private endpoints, credentials, or proprietary operational data that could be disclosed to third-party services.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The template explicitly tells users to send an API key in chat to continue execution, which encourages disclosure of a secret through a conversational channel that may be logged, retained, or exposed to other tools and operators. In the context of an agent skill that configures upstream GraphQL access and billing, this increases the risk of credential leakage, unauthorized API usage, and account abuse.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The documented HTTP fallback instructs agents to forward sensitive headers such as X-ENDPOINT-AUTHORIZATION and X-API-KEY to a gateway without any explicit trust boundary, validation requirements, or user-facing consent. In this skill's context, that is dangerous because agents handling Web3 endpoints may transmit private upstream credentials to a third-party MCP gateway, creating a realistic risk of credential disclosure, misuse, or routing secrets to the wrong service.
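The three "Missing User Warnings" findings above describe the same gap from different angles: credentials enter through chat, and credential headers leave for a third-party gateway with no consent or redaction step in between. The following is an added example of the kind of pre-forward guard a skill author could put in front of the HTTP fallback. It is not code from the skill, the Hermes Ask gateway, or SkillSpector. The header names X-ENDPOINT-AUTHORIZATION and X-API-KEY come from the finding; the gateway host, the environment-variable name, and the secret-shaped patterns (PEM blocks, Bearer tokens, vendor-style prefixed keys) are assumptions chosen for illustration.

```python
"""Pre-forward guard for an agent skill that relays GraphQL requests to an
external MCP gateway. Added example; not the skill's own code."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Headers that carry upstream credentials. The two X-* names appear in the
# finding; Authorization and Cookie are added as common equivalents (assumption).
SENSITIVE_HEADERS = {"x-endpoint-authorization", "x-api-key", "authorization", "cookie"}

# Secret-shaped strings that should never be forwarded in a prompt or accepted
# from chat. Bare hex is deliberately NOT matched: Web3 prompts legitimately
# contain 0x-prefixed addresses and transaction hashes.
SECRET_PATTERNS = [
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"\bBearer\s+[A-Za-z0-9._~+/=-]{16,}"),
    re.compile(r"\b(?:sk|pk|key)[-_][A-Za-z0-9]{16,}\b"),  # vendor-style prefixed keys (assumed shape)
]


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)
    safe_headers: dict = field(default_factory=dict)  # masked copy, safe to log


def find_secrets(text):
    """Return the patterns that matched secret-like material in text."""
    return [p.pattern for p in SECRET_PATTERNS if p.search(text)]


def mask(value):
    """Keep a short prefix for correlation, hide the rest."""
    return value[:4] + "***" if len(value) > 4 else "***"


def guard_outbound(url, headers, prompt, allowed_hosts, user_consented=False):
    """Decide whether a request may leave for the gateway.

    Blocks on: non-HTTPS transport, a destination outside the allowlist,
    credential headers without explicit user consent, or secret-like text in
    the prompt body. Always produces a masked header view for logging.
    """
    d = Decision(allowed=True)
    u = urlparse(url)
    if u.scheme != "https":
        d.allowed = False
        d.reasons.append(f"refusing to send credentials over {u.scheme or 'unknown'}")
    if u.hostname not in allowed_hosts:
        d.allowed = False
        d.reasons.append(f"destination {u.hostname!r} is not an approved gateway")
    credential_headers = [k for k in headers if k.lower() in SENSITIVE_HEADERS]
    for k, v in headers.items():
        d.safe_headers[k] = mask(v) if k.lower() in SENSITIVE_HEADERS else v
    if credential_headers and not user_consented:
        d.allowed = False
        d.reasons.append(f"credential headers {credential_headers} require explicit user consent")
    if find_secrets(prompt):
        d.allowed = False
        d.reasons.append("prompt text contains a secret-like token; redact before forwarding")
    return d


def intake_chat_message(message):
    """Refuse a credential pasted into the conversation instead of storing it."""
    if find_secrets(message):
        return {
            "accepted": False,
            "hint": "Do not paste keys in chat. Set GRAPHQL_API_KEY in the environment "
                    "or a secret store and use a short-lived, scoped token.",  # assumed variable name
        }
    return {"accepted": True, "hint": ""}


if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    d = guard_outbound(
        "https://gateway.example/mcp",
        {"X-ENDPOINT-AUTHORIZATION": "Bearer upstream-token-1234567890", "Content-Type": "application/json"},
        "List the last 5 transfers for 0xabc",
        allowed_hosts={"gateway.example"},
    )
    print(d.allowed, d.reasons, d.safe_headers)
```

The consent gate is per request rather than per session on purpose: the first finding notes the skill fires on broad Web3 prompts, so a one-time approval would silently cover unrelated requests later. The masked `safe_headers` view is what should reach any log or tool trace; the raw headers are never returned from the guard.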

VirusTotal

65/65 vendors flagged this skill as clean.
