SUPAH Portfolio Guardian

Security checks across malware telemetry and agentic risk

Overview

This wallet-monitoring skill is read-only and consistent with its stated purpose, but it overstates its real-time protection, and its disclosures about payment, third-party data sharing, and local storage are unclear.

Review before installing. Treat it as an on-demand portfolio checker, not guaranteed real-time protection. Install only if you are comfortable sending wallet addresses and portfolio queries to SUPAH and related providers, storing watched addresses locally in ~/.supah-guardian-state.json, and relying on an unclear x402 payment path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill advertises continuous monitoring, suspicious transaction detection, approval monitoring, and real-time alerts, but the finding indicates those behaviors are not actually implemented or are only available through manual polling. In a security-monitoring context, overstating detection and alerting capabilities can cause users to rely on protections that do not exist, potentially missing fraud, malicious approvals, or rapid portfolio compromise.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The header claims that access is handled via x402 USDC micropayments with no API keys, but the implementation makes ordinary HTTPS GET requests and contains no payment enforcement or x402 handling. This is dangerous because users and integrators may rely on a false security and billing model, potentially causing unauthorized access assumptions, incorrect trust decisions, or unexpected data disclosure to a third-party API.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The usage phrases are broad and could trigger the skill on ambiguous wallet-related prompts, increasing the chance that wallet addresses or portfolio requests are sent to the remote service without sufficiently explicit user intent. In a crypto context, even read-only wallet monitoring is privacy-sensitive because addresses reveal holdings, trading activity, and behavioral patterns.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill mentions Moralis and SUPAH infrastructure, but it does not clearly warn users that wallet addresses, balances, transaction history, approvals, and portfolio activity may be transmitted to third-party services for analysis. Because blockchain addresses are highly linkable and financially sensitive, insufficient disclosure creates meaningful privacy and consent risk even if no private keys are collected.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The skill persists watched wallet addresses and monitoring metadata to a local file in the user's home directory without disclosure or permission controls. While blockchain addresses are often public, this local state can reveal a user's interests, monitored accounts, and activity history to other local users or processes, creating a privacy leak in shared environments.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill sends wallet addresses and associated portfolio lookup requests to a remote API without a clear user-facing notice at the point of transmission. In this context, wallet addresses are sensitive enough to reveal holdings, behavior, and monitoring interests, so silent transmission to a third party can create privacy and compliance concerns even if the transport uses HTTPS.

VirusTotal

64/64 vendors flagged this skill as clean.
