SUPAH Wallet X-Ray

Security checks across malware telemetry and agentic risk

Overview

This wallet-analysis skill is purpose-built, but it can trigger paid external lookups from broad prompts without a clear per-scan confirmation step.

Install only if you are comfortable with wallet or ENS queries being sent to SUPAH and ENS Ideas, and with x402 USDC charges of up to $0.05 per scan. Use a limited wallet, require manual confirmation before each scan, and avoid submitting confidential customer or investigation targets unless you trust those providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 93%
Finding:
The usage section includes broad prompts like 'Is this wallet safe to interact with?' and 'Profile this trader before I copy their trades,' which can cause an agent to invoke the skill opportunistically without strong user confirmation. In this skill's context, that is more dangerous because each invocation can trigger a paid external request, so ambiguous activation can lead to unintended spending and external data disclosure about user-supplied addresses.

Missing User Warnings

Medium
Confidence: 95%
Finding:
Although the document mentions '$0.05 USDC per scan,' the broad description and natural-language usage examples do not prominently and consistently warn that using the skill causes an automatic paid network call. This increases the risk that an agent or user triggers micropayments unintentionally, especially when prompts are phrased as ordinary questions rather than explicit purchase actions.

Missing User Warnings

Low
Confidence: 83%
Finding:
The documentation states that ENS names and wallet addresses are automatically resolved and sent to multiple third-party services, but it does not explicitly warn users that their queried identifiers will be transmitted off-platform. This creates a real privacy and transparency issue: users may not realize that sensitive wallet intelligence lookups are disclosed to external providers, enabling query logging, profiling, or correlation of analyst interest with specific addresses.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The script sends the user-supplied ENS/address to a third-party resolver service before obtaining explicit consent or clearly warning that the input will be disclosed externally. This can leak sensitive investigation targets or operational context, especially if the skill is used to assess wallets tied to private investigations, internal fraud reviews, or pre-transaction screening.

Missing User Warnings

Low
Confidence: 89%
Finding:
The script writes scan output, including wallet intelligence results and endpoint metadata, to a predictable file in /tmp without prior warning. On multi-user systems or shared agent environments, temporary files may be exposed to other processes or persist longer than expected, leaking sensitive analysis results.

External Transmission

Medium
Category: Data Exfiltration
Content:
ENS_NAME=""

if [[ "$INPUT" == *.eth ]] || [[ "$INPUT" == *.xyz ]] || [[ ! "$INPUT" =~ ^0x ]]; then
  ENS_RESULT=$(curl -sf "https://api.ensideas.com/ens/resolve/$INPUT" 2>/dev/null || echo "{}")
  RESOLVED=$(echo "$ENS_RESULT" | node -pe "try{JSON.parse(require('fs').readFileSync('/dev/stdin','utf8')).address||''}catch(e){''}" 2>/dev/null || echo "")
  if [ -n "$RESOLVED" ] && [ "$RESOLVED" != "null" ] && [ "$RESOLVED" != "" ]; then
    ADDRESS="$RESOLVED"
Confidence: 95%
Finding: https://api.ensideas.com/

VirusTotal

VirusTotal findings are pending for this skill version.
