Security audit

Termix Agent Skills

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated TermiX protocol purpose, but it embeds a shared API token and asks users to handle wallet and exchange credentials for financial actions, so it should be reviewed before installation.

Install only if you understand TermiX AACP and are prepared for user-approved blockchain actions. Use a dedicated low-balance BSC testnet wallet, never reuse production or mainnet private keys, verify contract addresses from live config before signing, restrict any exchange API key with no withdrawals and minimal permissions, and prefer waiting for the publisher to remove and rotate the embedded bearer token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (18)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The document exposes what appears to be a live Bearer API key for a production-like backend, which is a credential disclosure vulnerability regardless of the stated limited endpoint scope. Even if intended only for metadata staging, publishing reusable credentials in skill docs enables unauthorized API access, abuse of the staging endpoint, impersonation of agent metadata submissions, and downstream trust or integrity issues.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The documentation instructs users to load a raw private key from an environment variable and then use it directly for signing on-chain transactions. While common in quick-start scripts, this encourages unsafe key handling practices because environment variables can leak via shell history, process inspection, CI logs, or misconfigured developer environments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly tells users to place a raw wallet private key into an environment variable and run scripts that consume it, but does not provide any operational safety guidance about shell history, process inspection, CI leakage, shared terminals, or key segregation. In a blockchain workflow, compromise of that key can directly lead to irreversible loss of funds and unauthorized contract interactions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The CEX_CAPITAL flow asks users to encrypt and submit exchange API credentials to a remote TEE service, but does not clearly warn about the account-risk implications if the encryption, attestation validation, backend trust boundary, or API-key permissions are misconfigured. Even encrypted submission is sensitive because these credentials can enable trading activity and potentially financial loss if mishandled or over-permissioned.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly instructs users to export a raw client private key into an environment variable and run signing code, but it does not include any warning about key sensitivity, safer handling practices, or risks of shell history/process exposure. In a blockchain workflow, compromise of this key can allow unauthorized on-chain actions by the client wallet, so normalizing insecure key handling in docs is a real security issue.

Missing User Warnings

High
Confidence
99% confidence
Finding
The documentation includes a live bearer credential without any warning, masking the fact that the file contains sensitive material and increasing the chance that users, agents, or logging systems will treat it as harmless reference text. In a skill package for protocol operations, this is more dangerous because the docs are likely to be widely loaded and copied during routine automation, expanding exposure of the credential.

Missing User Warnings

High
Confidence
95% confidence
Finding
The instructions tell users to export a raw private key into an environment variable but provide no warning about the risks of shell history leakage, process inspection, CI/CD exposure, or accidental reuse of a funded wallet. In the context of blockchain operations, mishandling the private key can directly lead to irreversible asset theft, unauthorized signatures, and compromise of on-chain identities.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document explicitly instructs users to connect to an unauthenticated real-time event stream and states that no auth is required, but provides no warning about data sensitivity, scraping risk, or whether the stream is intended for public consumption. In an agent skill context, this can normalize broad passive collection of operational data and expose job metadata at scale to any party who can connect.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to place a raw private wallet key into an environment variable and run signing code locally, but it does not include any warning about shell history, process inspection, accidental logging, or the need to use a dedicated low-privilege key. Because this skill handles blockchain credentials tied to asset ownership, normalizing direct private-key handling increases the chance of credential exposure and wallet compromise.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document explicitly requires a provider wallet private key but gives no warning about secure handling, storage, or the consequences of disclosure. In a blockchain workflow, compromise of that key can let an attacker impersonate the provider and submit transactions or move assets, so omission of handling guidance creates real credential-exposure risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The run instructions tell users to export a raw private key directly into the shell environment without warning that environment variables may be exposed through shell history, process inspection, CI logs, crash dumps, or shared sessions. Because this key controls the provider agent wallet, disclosure could enable unauthorized on-chain submissions and potentially theft or misuse of associated funds or permissions.

Missing User Warnings

High
Confidence
99% confidence
Finding
The documentation exposes a hard-coded bearer token and instructs users to send it to a live API. Publishing reusable credentials in docs is dangerous because anyone reading the file can abuse the token for unauthorized API access, spam, metadata poisoning, quota exhaustion, or broader backend misuse depending on the token's scope.

Missing User Warnings

High
Confidence
96% confidence
Finding
The run instructions tell users to export a wallet private key without any safety warning or safer alternative. This normalizes insecure credential handling and can lead to theft of funds if users paste production keys into shells, scripts, shared terminals, CI systems, or logs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation tells users to export a raw private key into an environment variable and run a signing script, but it does not warn about shell history, process/environment leakage, shared terminal exposure, or safer alternatives. In a blockchain workflow, this can directly expose the wallet key used to control on-chain assets and identities, making unauthorized transactions possible if the key is copied or observed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document instructs users to export a raw wallet private key into an environment variable and use it to sign blockchain transactions, but it does not explicitly warn that this credential grants control over funds and must be handled as highly sensitive secret material. In an agent-skill context, users may follow the workflow mechanically, increasing the chance of key exposure through shell history, logs, shared terminals, or unsafe copy/paste practices.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions direct the user to perform ERC-20 approval and staking deposit transactions without clearly warning that these are state-changing on-chain actions that can lock funds, incur gas costs, and be difficult or impossible to reverse. In this skill's context, the risk is elevated because the workflow explicitly stakes tokens for protocol participation, so users may not appreciate that approval grants spending authority and deposit moves assets into contract-controlled state.

Ssd 3

High
Confidence
99% confidence
Finding
This instruction directly discloses a bearer credential and tells the user to use it in an authenticated request. In the context of an agent skill, this is especially dangerous because it can propagate secret misuse at scale and encourages operators to trust embedded credentials without verifying ownership or scope.

External Transmission

Medium
Category
Data Exfiltration
Content
### 3. Stage agent metadata

```bash
curl -s -X POST "https://aacp-backend.termix.live/api/v1/agents/metadata" \
  -H "Authorization: Bearer HrnsTtFiEchdgq7J76Pmxv9rE8jKy0Nen" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
83% confidence

VirusTotal

44/44 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
docs/register-agent.md:63