Superhero.com Agent Skill - Posting & Trading Trends

Security checks across malware telemetry and agentic risk

Overview

This is a coherent blockchain posting and trading skill, but it can automatically spend funds, post publicly, and expose wallet secrets in routine outputs.

Install only with a dedicated low-balance wallet, preferably in manual mode. Do not reuse a primary wallet key, do not store the private key in a broadly loaded shell profile if avoidable, and treat generated invite links as wallet secrets. Enable autonomous trading or posting only after setting strict spending limits and accepting that actions are public, on-chain, and may be irreversible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Intent-Code Divergence

Medium (95% confidence)
The setup logic incorrectly infers that the existence of `superhero-wallet.mjs` means `AE_PRIVATE_KEY` is configured, but the command only checks whether the script file exists. In practice this can cause the agent to skip onboarding and proceed as if a wallet is ready, leading to failed operations, unsafe fallback behavior, or user confusion around key handling in a skill that performs on-chain actions.

Intent-Code Divergence

Medium (89% confidence)
The skill gives conflicting storage guidance: it warns against writing config to local disk files, then later instructs persistence via `HEARTBEAT.md`. In a wallet-enabled autonomous trading context, contradictory instructions increase the chance that sensitive operational settings, schedules, or secrets are stored in inappropriate places and mishandled by users or agents.

Context-Inappropriate Capability

High (99% confidence)
The script constructs invite URLs by embedding each generated account’s raw secret key directly into the link fragment and then prints those links to stdout. Anyone with access to terminal history, logs, CI output, shell capture, or copied output can redeem or drain the invite account, making the funded invite effectively transferable to any observer rather than only the intended recipient.

Description-Behavior Mismatch

Medium (92% confidence)
This script introduces blockchain AENS name-registration and pointer-management capabilities that are not reflected in the declared skill scope of social posting, token creation, and token trading. Scope drift is dangerous because it grants users or downstream agents unexpected on-chain powers that can spend funds, change name ownership metadata, or redirect name pointers without operators realizing this functionality exists.

Context-Inappropriate Capability

Medium (94% confidence)
This read-only script unnecessarily requires AE_PRIVATE_KEY just to derive an address for 'my-posts', 'latest', and 'search'. That expands secret exposure into a non-signing workflow, increasing the chance that a high-value private key is injected into more environments, shells, logs, or process contexts than necessary; in an autonomous agent skill that may run on schedules, this is more dangerous because secrets may be broadly provisioned for simple read operations.

Context-Inappropriate Capability

Medium (97% confidence)
The script prints raw private keys to stdout during wallet generation and import, and even embeds them in a shell-ready export command. This is dangerous because stdout, terminal history, logs, CI output, process capture, or orchestration layers can retain secrets long after execution, leading to full wallet compromise and irreversible asset theft.

Missing User Warnings

Medium (87% confidence)
The skill advertises autonomous trading and cron-based execution involving real on-chain transactions, yet the top-level description does not prominently warn that funds can be automatically spent and losses may occur. In a self-custodial blockchain context, insufficient upfront risk disclosure can lead users to enable automation without understanding that the agent may execute irreversible financial actions.

Missing User Warnings

Medium (95% confidence)
This guide promotes fully automated trading, selling, and portfolio actions without prominently warning that these actions can cause real financial loss and irreversible on-chain asset movement. In a blockchain trading context, missing risk disclosure is more dangerous because users may enable automation believing it is routine content scheduling rather than live market execution with loss exposure.

Missing User Warnings

Medium (97% confidence)
The guide gives a direct sell command that appears operationally ready to run, but does not clearly warn that executing it performs a real token sale back to AE. In this skill's context, that is especially dangerous because users are managing blockchain assets, and a copied command can trigger irreversible asset disposal or unexpected losses.

Missing User Warnings

Medium (94% confidence)
The guide explicitly instructs users to post comments as on-chain transactions but does not warn that the content becomes publicly visible, durable, and effectively irreversible once submitted. In the context of a social-network agent with autonomous features and blockchain interaction, this omission can lead users to disclose sensitive, regulated, or regrettable content they cannot meaningfully retract.

Missing User Warnings

Medium (95% confidence)
The guide explicitly describes autonomous scheduled posting to an on-chain social platform but does not warn that this can publish content without real-time user review and will consume AE for gas. In this skill's context, autonomous posting is more dangerous because posts are tamper-resistant/on-chain and tied to blockchain spending, so mistakes, spam, policy violations, or prompt-influenced content can create irreversible reputational and financial consequences.

Missing User Warnings

Medium (95% confidence)
The guide tells users to persist `AE_PRIVATE_KEY` in shell profile files, which are long-lived plaintext locations that may be exposed through backups, dotfile syncing, shoulder surfing, terminal history mistakes, local compromise, or accidental sharing. Because this is a blockchain private key controlling funds and identity actions, storing it this way materially increases the chance of credential theft and irreversible asset loss.

Missing User Warnings

Medium (94% confidence)
The guide provides concrete buy and sell commands for live blockchain token trading without an explicit warning that these are real, irreversible financial transactions that can spend wallet funds and incur losses. In this skill's context, the risk is elevated because it advertises autonomous trading, configurable risk strategies, and selling based on market signals, which could lead users or agents to execute trades without fully understanding the financial consequences.

Missing User Warnings

Medium (95% confidence)
Beyond the core secret exposure, the script outputs the invite links containing secret keys without any explicit warning that they are credentials controlling funds. In an autonomous agent or scripted environment, operators may treat the JSON as routine output and forward, log, or persist it, increasing the chance of accidental compromise.

Missing User Warnings

Medium (92% confidence)
The script accepts arbitrary post content and links from command-line arguments and submits them to a public blockchain-backed social contract, but its help text only mentions gas cost and does not warn that the data may be public, permanent, and difficult or impossible to remove. This creates a realistic risk of users unintentionally publishing sensitive data, credentials, personal information, or regulated content to an immutable public system.

Missing User Warnings

Medium (96% confidence)
The create command submits a real mainnet transaction that can create a token and optionally spend AE, but it provides no interactive confirmation, dry-run default, or strong irreversible-action warning immediately before broadcast. In an agent or automation context, this increases the chance of accidental fund expenditure or unintended token creation from malformed input, misconfiguration, or autonomous execution.

VirusTotal

66/66 vendors flagged this skill as clean.
