ClawHub

Bittensor SDK

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Bittensor SDK skill, but it broadly covers wallet-signing and administrator blockchain actions without strong scoping or safety warnings.

Install only if you intentionally want an agent to use Bittensor SDK reference material for wallet and chain operations. Treat every transaction-building suggestion as high risk: verify network, wallet, destination addresses, amounts, coldkey or proxy changes, and sudo/root calls yourself before signing, and prefer read-only queries or testnet/dry-run checks first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (30)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The document is explicitly for `non_sudo_calls` yet it includes a `SUDO` call template, creating a dangerous mismatch between label and contents. In a high-risk blockchain operations skill, that misclassification can cause downstream agents or users to treat privileged execution as routine, increasing the chance of unauthorized or destructive actions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest description is excessively broad and invites invocation for nearly any Bittensor-related task, including high-risk wallet, staking, delegation, and account-control actions. In an agent setting, vague routing increases the chance the skill is selected for sensitive operations without additional guardrails or user confirmation.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill prominently documents operations that can move funds, alter staking positions, register identities, delegate authority, and swap coldkeys, but it does not present a clear upfront warning about irreversible financial consequences or account-control risk. In an agent workflow, such omission can lead users or downstream systems to treat dangerous blockchain actions as routine API calls.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation describes a coldkey swap that transfers all assets, stakes, ownerships, and hotkey associations, but it does not present strong cautionary language about the operation’s irreversible and account-critical nature. In a wallet and blockchain operations skill, users may follow these docs directly, so understated risk messaging can contribute to accidental self-lockout, unintended asset transfer, or operational mistakes during key rotation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation describes async registration operations that can burn or recycle TAO and create on-chain effects, but it does not prominently warn users that these actions may spend funds and be irreversible once submitted/finalized. In an agent-skill context, omission of safety caveats is more dangerous because an automated system may invoke these calls directly from user intent without an additional human confirmation step.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The subnet identity API encourages submission of contact details, URLs, descriptions, and other metadata to the blockchain without warning that this information may become public, permanent, and difficult or impossible to remove. In a skill that agents may use to automate subnet management, this increases the risk of accidental disclosure of personal, operational, or sensitive organizational information.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The documentation exposes an operation that explicitly 'immediately burn[s] the resulting Alpha' but does not prominently warn that the action is irreversible and may permanently destroy value. In a wallet/staking SDK context, users may invoke this from generated docs or agent workflows without realizing the economic finality, increasing risk of accidental asset loss rather than code-execution compromise.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The auto-stake documentation states that rewards will be 'automatically stake[d] ... immediately upon receipt' but does not clearly warn that this changes future reward handling until reconfigured. In a financial SDK used by agents, hidden persistence of staking behavior can cause unintended lock-up of rewards, accounting surprises, or delegation to an unintended hotkey/subnet over time.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation describes a root-only operation that resets coldkey swap state and clears announcements/disputes, but it does not prominently warn that this is a destructive administrative action with security and recovery implications. In a wallet/blockchain administration context, operators may underestimate the consequence of invoking it, which can lead to accidental bypass of safeguards or loss of auditability around disputed swaps.

Missing User Warnings

High
Confidence
95% confidence
Finding
The documentation explicitly states that a root user can perform a coldkey swap without announcement, transferring all stake and associations, but it lacks an explicit high-visibility warning about the extreme sensitivity and abuse potential of this capability. In this skill's context, which serves as an SDK reference for real chain operations, omission of such a warning materially increases the chance of unsafe use or integration of a function that can reassign assets and identities.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This documentation exposes a privileged `sudo_call_extrinsic` operation and describes its parameters without any clear warning that it enables high-impact administrative or root-level actions that may be irreversible. In an SDK reference used by agents or developers, omission of safety guidance can materially increase the chance of accidental misuse of privileged wallet credentials and unintended chain-wide changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes a coldkey swap that transfers all assets, stakes, subnet ownerships, and hotkey associations, but it does not present this as a clear, prominent warning or caution. In a wallet/key-management context, missing explicit warnings can lead users or downstream agents to trigger an effectively irreversible, high-consequence operation without understanding the blast radius.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The announcement documentation notes that all transactions from the coldkey are blocked except the swap execution path, but this is buried in descriptive text rather than surfaced as an explicit warning. In the context of key management for blockchain assets, this omission can cause users to lock themselves out of normal account operations unexpectedly, creating avoidable denial-of-service and operational risk.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
This documentation describes financially significant on-chain actions such as campaign creation, contribution, dissolution, refunds, and withdrawals, but it does not prominently warn users that these are real blockchain transactions with fees, timing constraints, and in some cases irreversible consequences. In a high-risk SDK context, omission of explicit safety warnings can mislead integrators or users into invoking destructive or costly operations without adequate confirmation or review.

Missing User Warnings

High
Confidence
95% confidence
Finding
The finalize documentation states that finalization executes a stored call or transfers raised funds, but it does so descriptively rather than as an explicit hazard warning. Because finalize_crowdloan_extrinsic can trigger irreversible value transfer or code-path execution on-chain, insufficient warning materially increases the chance of accidental or socially engineered misuse in wallets, agents, or automation built from this reference.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This documentation describes stake-moving operations that can alter on-chain asset allocation, but it does not prominently warn users that blockchain submissions may be irreversible and financially impactful once signed and included. In a wallet/staking SDK context, omission of such warnings increases the risk of user error, accidental loss, or unintended asset movement, especially when users rely on generated docs as operational guidance.

Missing User Warnings

High
Confidence
96% confidence
Finding
The transfer_stake_extrinsic docs state that stake is transferred while changing the coldkey owner, but they do not clearly emphasize that this can permanently reassign control/beneficial ownership of staked assets to another coldkey. In a blockchain SDK used for wallet and staking operations, that omission is high risk because a user may misunderstand the call as a routine subnet transfer rather than an ownership-changing asset transfer.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation presents financially sensitive crowdloan extrinsics such as create, finalize, refund, withdraw, and contribute as straightforward calls, but it does not warn that signing and submitting these extrinsics can move funds, lock capital, or trigger irreversible on-chain state changes. In an agent-skill context, this omission is risky because an automated system may translate these examples directly into wallet-affecting actions without prompting the user for confirmation or explaining consequences.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
This reference page documents many high-impact financial and account-management operations such as staking, stake transfer, coldkey swaps, and root-only actions without a clear safety warning about irreversible or privileged effects. In an agent skill context, this increases the risk that an LLM-driven agent may recommend or construct dangerous transactions for a user without adequate caution, especially around root-only and fund-moving calls.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly describes how to construct and submit a Sudo-wrapped call, which enables privileged root-like execution, but it provides no warning that this operation is highly sensitive and can alter chain state in destructive or irreversible ways. In a general-purpose SDK skill intended to assist with wallet, staking, subnet, and chain operations, omission of privilege and safety guidance materially increases the risk of accidental misuse by users or downstream agents.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation encourages users to submit rich subnet identity fields such as contact info, URLs, Discord, and descriptive metadata to the blockchain, but it does not clearly warn that this data may be public, durable, and difficult or impossible to fully retract. In a blockchain SDK context, that omission can cause accidental disclosure of personal or sensitive organizational information, especially because users may assume these fields behave like ordinary application metadata rather than permanent on-chain publication.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This documentation describes state-changing blockchain extrinsics such as registration, claiming emissions, and changing claim type, but it does not prominently warn users that these operations submit on-chain transactions, may incur fees, alter wallet/network state, and can be irreversible once finalized. In an agent-skill context, documentation can be used as operational guidance by automation, so the absence of explicit safety warnings increases the risk of accidental unauthorized or unintended chain actions.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
This documentation covers real fund-moving staking, burning, and auto-staking operations but does not prominently warn users that these actions can be irreversible, market-sensitive, and may result in asset loss or unintended delegation. In a wallet and staking SDK context, omission of explicit financial-risk warnings can materially increase the chance of operator error, especially when functions include burn behavior, auto-staking, and optional MEV settings that users may misunderstand.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documentation describes a root-only coldkey swap that transfers all stake and associations and can charge the old coldkey, but the excerpt does not present a strong explicit warning about irreversibility, authorization sensitivity, or operational risk. In a wallet/blockchain admin context, under-warning highly privileged and destructive operations can contribute to operator misuse and accidental asset loss even if the underlying function is intended.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documentation describes a wallet-signed on-chain extrinsic that changes a delegate's take percentage, but it does not clearly warn that this is a financially consequential blockchain action requiring private-key authorization and may affect rewards, delegation economics, and irreversible on-chain state. In an agent skill context, exposing such an operation without prominent caution increases the risk of users or autonomous agents invoking it unintentionally.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal