privy-integration

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill matches its Privy wallet and payments purpose, but it needs review because it includes real-money, private-key, and autonomous-payment examples without consistently placing strong consent and safety controls next to them.

Install only if you are comfortable with a high-risk wallet/payments reference skill. Before using its examples, require testnet or sandbox defaults, explicit user confirmation, spend caps, recipient and domain allowlists, audit logging, secret redaction, and strict approval policies for any autonomous or private-key operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The examples demonstrate sending on-chain value and payment-enabled requests without an explicit warning that they can move real funds or incur charges. In a wallet/payment integration skill, readers may copy these snippets into production or test against mainnet-like environments, causing unintended spending or irreversible transactions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The document explicitly describes a fully autonomous, developer-owned wallet model that can execute transactions without user approval, but the warning is relatively understated compared with the operational guidance. In a skill about agentic wallets and payments, this can normalize high-risk deployment patterns and lead users to enable autonomous fund movement without sufficiently prominent disclosure of financial loss, mis-execution, or abuse risks.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The React x402 example demonstrates a payment-capable fetch flow that can automatically authorize and retry paid requests, but it does not prominently warn that calling the helper may spend real USDC. In a payments integration skill, developers may copy this pattern directly into production UI, causing unexpected charges or silent spending if triggered without clear consent, limits, or destination validation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The server-side x402 sample wraps fetch so that 402 responses are handled transparently, meaning an agent or backend process can spend wallet funds without any human checkpoint. In an autonomous-agent context this is more dangerous because a compromised endpoint, SSRF path, or misconfigured URL could trigger unintended payments at machine speed.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The MPP client and polyfill examples automatically satisfy payment challenges and, in session mode, may commit or later settle value without per-request visibility. Because the skill targets agentic apps and machine payments, developers could enable this globally and unintentionally allow broad portions of an app to make paid requests to untrusted or unexpected services.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The user lookup example creates users and wallets from email or phone identifiers without mentioning consent, lawful basis, or misuse controls. In practice this can encourage developers to provision wallets for third parties based on personally identifiable information, leading to privacy violations, unwanted account creation, and abuse of payment routing workflows.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation includes an example calling importWallet with a raw privateKey value, but it does not warn that private keys are extremely sensitive secrets that must never be hardcoded, logged, pasted into client code, or handled in insecure environments. In a React SDK reference, this is especially risky because developers may copy the snippet into browser-side applications, exposing wallet credentials and enabling full wallet compromise.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation includes a direct private key export example without any warning, access-control guidance, or discussion of the consequences. In a wallet/server SDK context, normalizing private key export is dangerous because copied or logged keys enable full irreversible wallet compromise and theft of assets.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The transaction examples show signing and broadcasting on-chain transactions without warning that these actions can move funds and are irreversible once confirmed. In an agent/payment/wallet integration skill, readers may copy these snippets into production or automation flows and unintentionally authorize real asset transfers.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The examples show signing and sending Solana transactions against mainnet and include transfer patterns, but they do not clearly warn that these operations can move real funds if copied verbatim. In a wallet/auth integration reference, developers may paste example code into production or test against mainnet unintentionally, increasing the chance of accidental fund movement or unsafe demos.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The gas sponsorship flow has the client send a signed transaction blob to a server for co-signing and broadcast, but it does not warn about integrity, authentication, replay, logging, or privacy risks around that serialized transaction. Without guidance, implementers may build a sponsor endpoint that signs arbitrary user-submitted transactions or leaks sensitive transaction details through transport or server logs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation exposes a server-side API that returns raw private key material without an immediate, explicit warning that exporting and handling private keys on the server defeats many wallet-isolation guarantees and creates a severe secret-management risk. In a wallet/authentication integration guide, this is especially dangerous because developers may copy the example into production and log, persist, transmit, or otherwise mishandle the exported key, enabling full wallet compromise if the backend or observability stack is breached.

VirusTotal

65/65 vendors flagged this skill as clean.
